Adobe to release emergency Reader and Acrobat patches
Adobe will make an emergency patch available this week to protect its Reader and Acrobat software against a zero-day exploit.
The exploits, known as CVE-2013-0640 and CVE-2013-0641, were first reported on 12 February by security firm FireEye, and target both Windows and Mac versions of Reader and Acrobat.
Reader version 9 and newer is affected across Mac, Windows and Linux platforms, and versions X and XI are affected on Mac and PCs. For Acrobat, version 9 and newer are affected.
Reviewed: internet security software
PC Pro looks at the latest internet security software – with shocking results for Microsoft Security Essentials.
The exploit relies on the user opening a rogue PDF attached to an email. The PDF crashes Acrobat, which when restarted calls back to a remote domain, delivering user keystrokes such as usernames and passwords.
Acrobat usually releases software updates on the second Tuesday of the month – the same day as Microsoft’s Patch Tuesday – but has prioritised the release of CVE-2013-0640 and CVE-2013-0641.
Until the patches are released, users are urged to avoid PDFs from unknown sources, while users of Reader and Acrobat XI for Windows can help protect themselves by using the software’s Protected View mode, which sandboxes open PDFs and prevents them from communicating with the outside world.