Adobe Reader and Acrobat Patch Coming Tuesday

[Brian Warkoczeski]

Adobe has announced plans to release a patch for Adobe Reader...

Adobe Reader and Acrobat issue

By David Lenoe on October 8, 2009 9:50 AM

Adobe is aware of reports of a critical vulnerability in Adobe Reader 
and Acrobat 9.1.3 and earlier (CVE-2009-3459) on Windows, Macintosh and 
UNIX. There are reports that this issue is being exploited in the wild 
in limited targeted attacks; the exploit targets Adobe Reader and 
Acrobat 9.1.3 on Windows.

Adobe plans to resolve this issue as part of the upcoming Adobe Reader 
and Acrobat quarterly security update, scheduled for release on October 
13. Adobe Reader and Acrobat 9.1.3 customers with DEP enabled on Windows 
Vista will be protected from this exploit. Disabling JavaScript also 
mitigates against this specific exploit, although a variant that does 
not rely on JavaScript could be possible. In the meantime, Adobe is also 
in contact with Antivirus and Security vendors regarding the issue and 
recommends users keep their anti-virus definitions up to date.

We wish to thank Chia-Ching Fang and the Information and Communication 
Security Technology Center for their help with reporting and 
investigating this issue (CVE-2009-3459).

We will continue to provide updates on this issue via the Security 
Advisory section of the Adobe web site, as well as the Adobe PSIRT blog.

This posting is provided "AS IS" with no warranties and confers no rights.

http://blogs.adobe.com/psirt/2009/10/adobe_reader_and_acrobat_issue_1.html