
chachazz
Premium Member
join:2003-12-14

Security Bulletin for Adobe Reader and Acrobat

Adobe Reader and Acrobat Vulnerability Report
February 12, 2013:
quote:
Adobe is aware of a report of a vulnerability in Adobe Reader and Acrobat XI (11.0.1) and earlier versions being exploited in the wild. We are currently investigating this report and assessing the risk to our customers. We will provide an update as soon as we have more information. Please continue monitoring the Adobe PSIRT blog for the latest information.
»blogs.adobe.com/psirt/20 ··· ort.html
chachazz

Re: Adobe Reader and Acrobat Vulnerability Report

FireEye Malware Lab - 2013.02.12
quote:
In Turn, It's PDF Time
We have found IE, Java, and Flash zero-days in a row in the past several months, and now it's PDF’s turn. Today, we identified that a PDF zero-day is being exploited in the wild, and we observed successful exploitation on the latest Adobe PDF Reader 9.5.3, 10.1.5, and 11.0.1.

Upon successful exploitation, it will drop two DLLs. The first DLL shows a fake error message and opens a decoy PDF document, which is usually common in targeted attacks. The second DLL in turn drops the callback component, which talks to a remote domain.

[Update: February 13, 2013]
quote:
In response to the many requests we’ve received for more detailed information, we would like to let our readers know that we have been working with Adobe and have jointly agreed to refrain from posting the technical details of the zero-day at this time. This post was intended to serve as a warning to the general public. We will update this post with more information at a later time.
»blog.fireeye.com/researc ··· ime.html

StuartMW
Premium Member
join:2000-08-06

StuartMW to chachazz

Ok on goes my conspiracy theory hat

I'm convinced Adobe is deliberately releasing vulnerable software on purpose. Either that or they're totally incompetent. Or both. Hmmm
SpHeRe31459
Premium Member
join:2002-10-09
Sacramento, CA

Yeah seriously! Adobe and Oracle (Java) are making patch management a real pain this month!

Blackbird
Built for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN

said by SpHeRe31459:

Yeah seriously! Adobe and Oracle (Java) are making patch management a real pain this month!

Think of it all as a digital security fitness program. Oracle and Adobe are actually trying to build up everyone's patching muscles. See? They really do care about users...

StuartMW
Premium Member
join:2000-08-06

You're a glass half full type of guy right?

Rebrider
Been There Done That
Premium Member
join:2000-11-23

Rebrider to StuartMW

said by StuartMW:

Ok on goes my conspiracy theory hat

I'm convinced Adobe is deliberately releasing vulnerable software on purpose. Either that or they're totally incompetent. Or both. Hmmm

+1

angussf
Premium Member
join:2002-01-11
Tucson, AZ

angussf to chachazz

This is why I use SumatraPDF as my default PDF reader, with Foxit Enterprise Reader as a backup for when I need to read PDFs which use Javascript.
Free PDF Reader - Sumatra PDF

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC

siljaline to Blackbird

Adobe and Oracle are right up there among the most flawed and vulnerable software.

Handle with kid gloves.

antdude
Matrix Ant
Premium Member
join:2001-03-25
US

said by siljaline:

Adobe and Oracle are right up there among the most flawed and vulnerable software...

What about Microsoft?

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC

Good point

siljaline to chachazz

Adobe said it's currently working on a fix for the security issue and will update its bulletin once a launch has been scheduled. In the meantime, Windows users of Adobe Reader XI and Acrobat XI can protect themselves from the security exploit by turning on Protected View as follows:

quote:
Open Reader or Acrobat. Click on the Edit menu, select Preferences, and then click on the Security (or Security Enhanced) option. In the Protected View section at the top of the window, click on the button to enable "Files from potentially unsafe locations" and then click OK.

jaykaykay
4 Ever Young
MVM
join:2000-04-13
USA

jaykaykay to angussf

said by angussf:

This is why I use SumatraPDF as my default PDF reader, with Foxit Enterprise Reader as a backup for when I need to read PDFs which use Javascript.

Free PDF Reader - Sumatra PDF

And why I use Nitro as mine. »en.wikipedia.org/wiki/Nitro_PDF

chachazz
Premium Member
join:2003-12-14

Adobe PSIRT: Security Advisory for Adobe Reader and Acrobat (APSA13-02)

February 13, 2013 | Last updated: February 14, 2012
Vulnerability identifier: APSA13-02
quote:
A Security Advisory (APSA13-02) has been posted in regards to critical vulnerabilities (CVE-2013-0640, CVE-2013-0641) in Adobe Reader and Acrobat XI (11.0.01 and earlier), X (10.1.5 and earlier) and 9.5.3 and earlier for Windows and Macintosh. These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system.

Adobe is aware of reports that these vulnerabilities are being exploited in the wild in targeted attacks designed to trick Windows users into clicking on a malicious PDF file delivered in an email message.

Adobe is in the process of working on a fix for these issues and will update this advisory when a date for the fix has been determined.

Adobe will continue to provide updates on this issue via the Security Advisory section of the Adobe website as well as the Adobe PSIRT blog.
Security bulletin APSA13-02

Summary:
Adobe has identified critical vulnerabilities (CVE-2013-0640, CVE-2013-0641) in Adobe Reader and Acrobat XI (11.0.01 and earlier) for Windows and Macintosh, X (10.1.5 and earlier) for Windows and Macintosh, 9.5.3 and earlier for Windows and Macintosh, and Adobe Reader 9.5.3 for Linux. These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system.

Adobe is aware of reports that these vulnerabilities are being exploited in the wild in targeted attacks designed to trick Windows users into clicking on a malicious PDF file delivered in an email message.

Adobe is in the process of working on a fix for these issues and will update this advisory when a date for the fix has been determined.

Affected Software Versions
• Adobe Reader XI (11.0.01 and earlier) for Windows and Macintosh
• Adobe Reader X (10.1.5 and earlier) for Windows and Macintosh
• Adobe Reader 9.5.3 and earlier 9.x versions for Windows, Macintosh and Linux
• Adobe Acrobat XI (11.0.01 and earlier) for Windows and Macintosh
• Adobe Acrobat X (10.1.5 and earlier) for Windows and Macintosh
• Adobe Acrobat 9.5.3 and earlier 9.x versions for Windows and Macintosh

Mitigations
Users of Adobe Reader XI and Acrobat XI for Windows can protect themselves from this exploit by enabling Protected View. To enable this setting, choose the "Files from potentially unsafe locations" option under the Edit > Preferences > Security (Enhanced) menu.

Enterprise administrators can protect Windows users across their organization by enabling Protected View in the registry and propagating that setting via GPO or any other method. Further information about enabling Protected View for the enterprise is available here.
redwolfe_98
Premium Member
join:2001-06-11

redwolfe_98 to chachazz

Re: Security Bulletin for Adobe Reader and Acrobat

for some reason, i can't get adobe's "security advisories" webpage to open.. when i try to open the webpage, it hangs on trying to load content from "wwwimages.adobe.com"..

i don't have a problem with opening any of adobe's other webpages, just the "security advisories" webpage..

here is a link for adobe's "security advisories" webpage:

»www.adobe.com/support/security/

StuartMW
Premium Member
join:2000-08-06

StuartMW to chachazz

Re: Adobe Reader and Acrobat Vulnerability Report

Users of Adobe Reader XI and Acrobat XI for Windows can protect themselves from this exploit by enabling Protected View. To enable this setting, choose the "Files from potentially unsafe locations" option under the Edit > Preferences > Security (Enhanced) menu.

Presumably users of 9.5.3 (e.g. on a Win2K box) are SOL? I've done the workaround for boxes running 11.0.1.
SpHeRe31459
Premium Member
join:2002-10-09
Sacramento, CA

9.x installs on Win2k? Adobe says only ver 8.x is Win2k compatible officially. Unofficially I'd think any recent version could be tricked into being installed, no?

Or perhaps more importantly why do you still have a Win2k box around? Some really special proprietary software? I'd hope you have it offline, since Win2k hasn't received updates in years, so the issue would be moot.

Acrobat 9.x and older is such a steaming pile to deal with, and it has no sandboxing abilities, so there's inherently no workaround possible.

StuartMW
Premium Member
join:2000-08-06

said by SpHeRe31459:

9.x installs on Win2k?

Yup. 9.x is the last to work on Win2K. No trick(s) required--just run the installer.
quote:
Or perhaps more importantly why do you still have a Win2k box around?
Because that box only supports Win2K and it works perfectly fine for its intended purpose as a backup machine/server.
SpHeRe31459
Premium Member
join:2002-10-09
Sacramento, CA

Never mind, mods please delete...
redwolfe_98
Premium Member
join:2001-06-11

Re: Security Bulletin for Adobe Reader and Acrobat

said by redwolfe_98:

i can't get adobe's "security advisories" webpage to open.. am i the only one who can't get adobe's "security advisories" webpage to open?

nevermind.. i figured out that the problem was caused by my avira program's "webguard", with the settings that i was using..

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC

siljaline to chachazz

One thing Adobe omitted to tell us would be to disable:
AdobeARM from MSCONFIG

chachazz
Premium Member
join:2003-12-14

said by siljaline:

One thing Adobe omitted to tell us would be to disable:
AdobeARM from MSCONFIG


ARM is the update manager.
It is intended for the average users who do not manage their updates manually.

If it was an issue in this vulnerability, Adobe would have given instructions.

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC

quote:
This is a valid entry, but is classified as 'user's choice'.

It may not be needed, but that depends on whether the user deems it necessary.
I never use it, as it chokes MSCONFIG with superfluous start-ups.

antdude
Matrix Ant
Premium Member
join:2001-03-25
US

antdude to chachazz

Adobe to patch Reader zero-day this week with rush update

»www.computerworld.com/s/ ··· h_update

"Hackers exploiting sandbox-bypass bug. Adobe on Saturday said it would release an emergency patch for two Reader zero-day vulnerabilities this week.

Hackers have already been exploiting the bugs using rigged PDF documents sent as email attachments..."

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC

From your snippet, antdude
»blogs.adobe.com/psirt/20 ··· -02.html
quote:
We just updated the Security Advisory (APSA13-02) posted on Wednesday, February 13, 2013 to include the planned schedule for a patch to resolve CVE-2013-0640 and CVE-2013-0641. Adobe plans to make available updates for Adobe Reader and Acrobat XI (11.0.01 and earlier) for Windows and Macintosh, X (10.1.5 and earlier) for Windows and Macintosh, 9.5.3 and earlier 9.x versions for Windows and Macintosh, and Adobe Reader 9.5.3 and earlier 9.x versions for Linux during the week of February 18, 2013.

chachazz
Premium Member
join:2003-12-14

Re: Security updates available for Adobe Reader and Acrobat

Security updates available for Adobe Reader and Acrobat
Release date: February 20, 2013
See the Bulletin for details: »www.adobe.com/support/se ··· -07.html

Acrobat for Windows: »www.adobe.com/support/do ··· =windows
Reader for Windows: »www.adobe.com/support/do ··· =Windows

Acrobat for Mac: »www.adobe.com/support/do ··· form=Mac
Reader for Mac: »www.adobe.com/support/do ··· acintosh

For detailed Release Notes, please see the Enterprise Toolkit.

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC

StuartMW may have duped, slightly.
»Re: Adobe Reader XI 11.0.2 and 9.5.4 available

StuartMW
Premium Member
join:2000-08-06

No I think Chazzy duped. Check the post timestamps

chachazz
Premium Member
join:2003-12-14

chachazz to siljaline

said by siljaline:

StuartMW may have duped,

A post for Adobe Reader with no Links or information?

StuartMW
Premium Member
join:2000-08-06

Well I would've linked to this post but I forgot.

*whips self repeatedly*

BTW I was going to post links to the FTP site but FTP seems to be frowned upon these days (especially with respect to a certain browser).