Wednesday, February 20, 2013

Adobe Reader and Acrobat Critical Security Update

Adobe
Following the release of Security Advisory (APSA13-02) related to critical security vulnerabilities in Adobe Reader and Acrobat XI (11.0.01 and earlier), X (10.1.5 and earlier) and 9.5.3 and earlier for Windows and Macintosh, Adobe released an update to those versions today.

Because the vulnerabilities are being exploited in the wild in targeted attacks, it is recommended that users of Adobe Reader and Acrobat apply the update as soon as possible.  These updates address critical vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system.

Release Details

    Release date: February 20, 2013
    Vulnerability identifier: APSB13-07
    CVE number: CVE-2013-0640, CVE-2013-0641
    Platform: All Platforms

    Update or Complete Download

    Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

    Enable "Protected View"

    Due to frequent vulnerabilities, it is recommended that Windows users of Adobe Reader and Acrobat ensure that Protected View is enabled.  Neither the Protected Mode or Protected View option is available for Macintosh users.

    To enable this setting, do the following:
    • Click Edit > Preferences > Security (Enhanced) menu. 
    • Change the "Off" setting to "All Files".
    • Ensure the "Enable Enhanced Security" box is checked. 

    Adobe Protected View
    Image via Sophos Naked Security Blog
    If you are looking for a replacement for Adobe Reader, consider Replacing Adobe Reader with Sumatra PDF.

    References




    Home
    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...


    1 comment:

    Bill said...

    Thanks, Corrine. I tried Sumatra a while back, didn't cope well with large .pdfs so I found Foxit, it's OK. Anyone tried the reader now built-in to Firefox?