Adobe Systems warned Tuesday of a critical Reader and Acrobat vulnerability that could crash a system and allow an attacker to commandeer a personal computer.
The software maker said reports indicate that the memory corruption vulnerability is being exploited in attacks against Reader 9.x on Windows. Other versions of the software open to attack include:
-- Reader X (10.1.1) and earlier 10.x versions for Windows and Mac;
-- Reader 9.46 and earlier 9.x versions for Windows, Mac and Unix;
-- Acrobat X (10.1.1) and earlier 10.x versions for Windows and Mac;
-- Acrobat 9.4.6 and earlier 9.x versions for Windows and Mac.
Adobe said it expected to release a fix by the week of Dec. 12 for Reader and Acrobat 9.x for Windows. Because Reader X and Acrobat X have protected views that would prevent the execution of malware targeted at the flaw, Adobe doesn't plan to release a patch for those products until the next quarterly security update scheduled for Jan. 10, 2012. At the same time, Adobe will release a fix for Reader 9.x for Unix.
The warning comes a month after Adobe released a security update for Flash Player 11.1 and earlier versions for Android smartphones and tablets, as well as for computers running Windows, Mac OS X, Linux and Solaris. The update patched three critical vulnerabilities: memory corruption, buffer overflow and stack overflow.
