|14 Sep 2010|
| || |
Patch Schedule Announced for Actively Exploited Adobe Reader Vulner...
Patch Schedule Announced for Actively Exploited Adobe Reader Vulnerability
Adobe plans to ship a fix for the actively exploited critical vulnerability in Adobe Reader and Acrobat during the week of October 4.
The remote code execution flaw, identified as CVE-2010-2883, was confirmed by Adobe last Wednesday after being spotted in attacks infecting users with malware.
The exploit employs advanced techniques such as return-oriented programming, which defeat ASLR and DEP protection in Windows Vista and 7.
In addition, the the payload involves dropping a piece of malware that was digitally signed with a valid certificate stolen from a US-based credit union.
"We are in the process of finalizing a fix for the issue and expect to provide updates for Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 for Windows and Macintosh during the week of October 4, 2010," Adobe says in the associated advisory.
This represents an accelerated release of the quarterly update originally scheduled for October 12 and will also address a separate critical vulnerability affecting the Adobe Reader Flash interpreter (authplay.dll).
This second vulnerability (CVE-2010-2884) is also being exploited at the moment to infect computers and will be fixed in Flash Player in around two weeks.
Patch Schedule Announced for Actively Exploited Adobe Reader Vulnerability - Softpedia
|My System Specs|| |
|14 Sep 2010|
| || |
I uninstalled the reader the last time this happened. Also I was disappointed in the way they tried to involve third parties in it's use. But Flash has me concerned. I wish MS would work on getting Silverlight accepted by the majority of users.
|My System Specs|
|Similar help and support threads for: Patch Schedule Announced for Actively Exploited Adobe Reader Vulner...|
|Critical Adobe Reader Vulnerability Exploited in the Wild||News|
|Unpatched Windows Vulnerability Actively Exploited in the Wild||News|
|Adobe considers more frequent patch schedule||Chillout Room|
|Adobe Reader is world's most-exploited app.||Security News|
|Unofficial patch for Adobe Reader||News|