LandzDown Forum

Critical vulnerabilities have been identified in Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems.  These vulnerabilities, including CVE-2011-0611, as referenced in Security Advisory APSA11-02, could cause a crash and potentially allow an attacker to take control of the affected system.  There are reports that one of the vulnerabilities, CVE-2011-0611, is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat, as well as via a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file delivered as an email attachment targeting the Windows platform. Adobe Reader X Protected Mode mitigations would prevent an exploit of this kind from executing.

Adobe recommends users of Adobe Reader X (10.0.2) for Macintosh update to Adobe Reader X (10.0.3). For users of Adobe Reader 9.4.3 for Windows and Macintosh, Adobe has made available the update, Adobe Reader 9.4.4.  Adobe recommends users of Adobe Acrobat X (10.0.2) for Windows and Macintosh update to Adobe Acrobat X (10.0.3). Adobe recommends users of Adobe Acrobat 9.4.3 for Windows and Macintosh update to Adobe Acrobat 9.4.4. Because Adobe Reader X Protected Mode would prevent exploits of the type targeting CVE-2011-0611 from executing, we are currently planning to address these issues in Adobe Reader X for Windows with the next quarterly security update for Adobe Reader, currently scheduled for June 14, 2011. Today's security updates are out-of-cycle updates.