Adobe has been hit by another zero-day vulnerability, which has already been picked up by hackers targeting Windows machines.
The U3D memory flaw affects Adobe Reader X and earlier versions for Windows and Mac, as well as Adobe Reader 9.4.6 and earlier 9.x versions for UNIX. Adobe Acrobat X and earlier versions for Windows and Mac are also affected.
"This vulnerability (CVE-2011-2462) could cause a crash and potentially allow an attacker to take control of the affected system," the software maker said in a blog post.
"There are reports that the vulnerability is being actively exploited in the wild in limited, targeted attacks against Adobe Reader 9.x on Windows."
Adobe said it is working on a fix, which will be ready "no later than the week of 12 December.
"Because Adobe Reader X Protected Mode and Adobe Acrobat X Protected View would prevent an exploit of this kind from executing, we are currently planning to address this issue in Adobe Reader X and Acrobat X for Windows with the next quarterly security update for Adobe Reader and Acrobat, currently scheduled for 10 January 2012," Adobe continued.
"We are planning to address this issue in Adobe Reader and Acrobat X and earlier versions for Macintosh as part of the next quarterly update scheduled for 10 January 2012. An update to address this issue in Adobe Reader 9.x for UNIX is planned for 10 January 2012."
Adobe software has been hit by a plethora of flaws in the past. One of the reasons the late Steve Jobs wished to distance Apple from Flash was because of security issues.
The software developer confirmed last month it was giving up on creating Flash for mobile browsers, punting for HTML5 instead.
-
Should AI PCs be part of your next hardware refresh?AI PCs are fast becoming a business staple and a surefire way to future-proof your business
-
Westcon-Comstor and Vectra AI launch brace of new channel initiativesNews Westcon-Comstor and Vectra AI have announced the launch of two new channel growth initiatives focused on the managed security service provider (MSSP) space and AWS Marketplace.
-
Hackers are stepping up ‘qishing’ attacks by hiding malicious QR codes in PDF email attachmentsNews Malicious QR codes hidden in email attachments may be missed by traditional email security scanners, with over 500,000 qishing attacks launched in the last three months.
-
Warning issued over “incomplete” fix for Adobe ColdFusion vulnerabilityNews An incomplete fix for a vulnerability disclosure could be placing users at risk, researchers warned
-
Adobe forced to patch its own failed security updateNews Company issues new fix for e-commerce vulnerability after researchers bypass the original update
-
Ask more from your CMSWhitepaper How to get the most value in the shortest timespan
-
Adobe battles fake photos with editing tagsNews Photoshop will include new tagging tools later this year to help fight against misinformation and deep fakes
-
Adobe Photoshop Elements 2019 review: Trapped in the photo-editing middle groundReviews A once peerless beginner’s photo-editing package that’s past its prime
-
How Adobe saved BT £630,000Sponsored Adobe’s digital signature platform is saving time and money - and forging stronger connections between businesses and customers
-
Don't settle when it comes to creativitySponsored Getting the best out of your creative design team means equipping them with the best software
