Critical Adobe Reader zero-day vulnerability exploited in the wild ~ Gadget Reviews, Product News, Electronic Gadgets

Trending: Bloggermint Blogger Template

Fat Jump Pro (By SID On)

Developer: SID On Price: $0.99 Version Reviewed: 1.2 Download: here Requirements: Compatible with iPhone, iPod touch, and iPad.Requires iOS 4.0 or later. Located in the Warsow,Poland-SID on an independent mobile application developer has announced a recent update of Fat Jump Pro for the iPhone,iPad and iPod touch.Fat Jump Pro is a fast paced vertical arcade action for the iOS devices.Using the tilt controls the player must guide the jumping,little green hero (a healthy and crispy cucumber) up a never ending series of platforms...

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEheOZX_2fWULSTc9cCEPViLz6CGJ0M-A3PeJDmVhpJSA02I84Z1gef0cif5bu640uxtj9uzh47wf80tpw9as6jGYUVC9hq8orbuI9gZB15pmPjzrI5OgvQquFCHNGUWn2gIEZzzu2HvNJQ/s1600/hello.png

Detectives’ Chase

http://img.148apps.com/images/itms/471/471857988/icon175x175.png

Ticket to Ride Pocket

http://img.148apps.com/images/itms/441/441083639/icon175x175.png

NFL Pro 2012

http://img.148apps.com/images/itms/466/466067444/icon175x175.png

Blood and Glory

Thursday, 8 December 2011

Critical Adobe Reader zero-day vulnerability exploited in the wild

Adobe is working on a patch for a newly discovered Adobe Reader vulnerability that is currently being exploited in the wild to infect computers with malware.
The flaw affects Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.6 and earlier 9.x versions for UNIX, as well as Adobe Acrobat X (10.1.1) and earlier versions for Windows and Macintosh.
The memory-corruption vulnerability is identified as CVE-2011-2462 and is located in the component that processes U3D graphics. Because it can lead to the execution of arbitrary code, the vulnerability is considered critical.
The Lockheed Martin Computer Incident Response Team (CIRT) and members of the Defense Security Information Exchange are credited with discovering and reporting the issue to Adobe, which suggests that hackers are leveraging it to target companies from the defense industry.
Adobe is treating a patch for Adobe Reader 9.x as a priority because that's the branch currently exploited in the wild. "We are in the process of finalizing a fix for the issue and expect to make available an update for Adobe Reader and Acrobat 9.x for Windows no later than the week of December 12, 2011," the company said in a new security advisory.
Adobe Reader and Acrobat X for Windows will receive patches during the next quarterly security update, which is scheduled for Jan. 10. The vulnerability is not an immediate threat for users of this particular branch because they benefit from a sandbox feature that makes arbitrary code execution very difficult to achieve.
Sandboxing is not available for the Unix and Mac versions, but according to Adobe, the risk to users of these platforms is significantly lower. That's why the company will delay patching these versions until January as well.
"All real-world attack activity, both in this instance and historically, is limited to Adobe Reader on Windows. We have not received any reports to date of malicious PDFs being used to exploit Adobe Reader or Acrobat for Macintosh or UNIX for this CVE (or any other CVE)," the Adobe Secure Software Engineering Team (ASSET), said in a blog post.
via : Macworld