On Tuesday, Adobe released a security bulletin, warning users of several vulnerabilities which could give a remote attacker access to the targeted PC.
The update affects Adobe Reader X (10.1.2) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.6 and earlier 9.x versions for Linux, and Adobe Acrobat X (10.1.2).
The update fixes the following vulnerabilities:
- CVE-2012-0774 – These updates resolve an integer overflow in the True Type Font (TTF) handling that could lead to code execution
- CVE-2012-0776 – These updates resolve a security bypass via the Adobe Reader installer that could lead to code execution
Just how popular are malicious PDFs these days? According to multiple reports, malicious PDF files outpace the distribution of related malicious attachments used in targeted attacks, and currently represent the attack vector of choice for malicious attackers compared to media, help files, HTMLs and executables.
Webroot advises end and corporate users to apply the Adobe updates immediately.