Security Advisory for Adobe Reader and Acrobat

Adobe released a critical security advisory for all platforms. From the advisory:

"A critical vulnerability exists in Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. This vulnerability (CVE-2010-2883) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild.

Adobe is in the process of evaluating the schedule for an update to resolve this vulnerability."

Other than the announcement of the advisory, no additional details are available in the Adobe Product Security Incident Response Team blog.

Release date: September 8, 2010
Vulnerability identifier: APSA10-02
CVE number: CVE-2010-2883
Platform: All

References:

• Adobe - Security Advisories: APSA10-02 - Security Advisory for Adobe Reader and Acrobat
• Adobe Product Security Incident Response Team

A more in-depth look at the vulnerability is available at The Register: Adobe Reader 0day under active attack

Adobe has released a security advisory warning of a serious flaw in its Reader and Acrobat products, enabling hackers to infiltrate machines.
The issue, rated as critical by the company, affects versions up to and including 9.3.4 of both products on Windows, Macs and UNIX systems.
“This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system,” Adobe warned in a blog posting. “There are reports that this vulnerability is being actively exploited in the wild.”
Although it has confirmed the flaw, the firm has yet to release fix or even a date customers can expect one.
Instead the security bulletin just said: “Adobe is in the process of evaluating the schedule for an update to resolve this vulnerability.”