‘Impervious’ Adobe Reader X/XI is actually vulnerable

A working exploit for the latest versions of Adobe’s PDF Reader software (X and XI) is being made available to malicious hackers for $50,000 via underground forums.

Starting with Version X, Adobe’s Reader software has employed a ‘sandbox’ that supposedly insulates the operating system from attacks originating in Reader content. The exploit code reportedly gets around the sandbox.

Adobe is investigating, but no patches are available yet. Since this threat is active, anyone using Adobe Reader X or XI should exercise extreme caution when opening PDF documents or clicking links to PDF documents from unknown sources. Another option is to uninstall the Adobe software and use an alternative like Foxit Reader.

More details from KrebsOnSecurity.

About jrivett

Jeff Rivett has worked with and written about computers since the early 1980s. His first computer was an Apple II+, built by his father and heavily customized. Jeff's writing appeared in Computist Magazine in the 1980s, and he created and sold a game utility (Ultimaker 2, reviewed in the December 1983 Washington Apple Pi Journal) to international markets during the same period. Proceeds from writing, software sales, and contract programming gigs paid his way through university, earning him a Bachelor of Science (Computer Science) degree at UWO. Jeff went on to work as a programmer, sysadmin, and manager in various industries. There's more on the About page, and on the Jeff Rivett Consulting site.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.