Since the beginning of the year, Adobe and Microsoft have been under a bad light since most of the most recent attacks notably exploited the two companies’ software vulnerabilities. Adobe Reader and Acrobat, in particular, are currently cybercriminals’ favorite targets. When news that Adobe would be releasing an out-of-band security update to prevent an exploitable hole in certain versions of Reader and Acrobat, some raised their brows in question while some rolled their eyes and declared that this was the last straw.
According to Adobe’s latest security bulletin, the said critical vulnerability could affect Adobe Reader 9.3 for Macintosh, Windows, and Unix; Adobe Acrobat 9.3 for Macintosh and Windows; and Adobe Reader and Acrobat 8.2 for Macintosh and Windows based on reports from Microsoft and Michael Yong Park. If cybercriminals exploited the said vulnerability, they could make unauthorized cross-domain requests or worse take control of affected systems, similar to the effects of a flaw in Adobe Flash and Adobe AIR Park also spotted days earlier.
- New Adobe Zero-Day Vulnerability Again
- Unpatched Adobe Vulnerability Is Still Being Exploited in the Wild
- Spam Attack Against the U.S. Defense Department Exploits an Adobe Vulnerability
Users of affected versions of Adobe Reader and Acrobat are strongly advised to download the updates in this security bulletin.
Trend Micro™ Smart Protection Network™ protects users from these kinds of attack by blocking user access to malicious sites and domains via the Web reputation service, by preventing spammed messages containing links to malicious sites from even reaching their inboxes via the email reputation service, and by detecting and consequently deleting malicious exploits from their systems via the file reputation service.