Here’s a quick update to the Adobe PDF Reader/Acrobat zero-day story that broke yesterday after the company confirmed that an unpatched vulnerabilities was being attacked in the wild.
More importantly, Adobe has finally provided official mitigation guidance and announced plans to ship a patch for this vulnerability on January 12th, 2010.
These are the software versions affected:
- Adobe Reader 9.2 and earlier versions for Windows, Macintosh, and UNIX
- Adobe Acrobat 9.2 and earlier versions for Windows and Macintosh
Here are the temporary mitigation instructions:
1. Launch Acrobat or Adobe Reader.
2. Select Edit>Preferences
5. Click OK
The purpose of the Framework is to allow Adobe to protect
like the one referenced in Security Advisory APSA09-07.
Researchers at F-Secure have some additional information on the actual zero-day attacks, which utilize rigged PDF files.