Security Advisory – Adobe Reader and Acrobat

Adobe has released a Security Advisory which identifies critical vulnerabilities (CVE-2013-0640, CVE-2013-0641) in two Adobe products; Reader and Acrobat. The following versions are affected: • Adobe Reader XI (11.0.01 and earlier) for Windows and Macintosh • Adobe Reader X (10.1.5 and earlier) for Windows and Macintosh • Adobe Reader 9.5.3 and earlier 9.x versions for Windows, Macintosh and Linux • Adobe Acrobat XI (11.0.01 and earlier) for Windows and Macintosh • Adobe Acrobat X (10.1.5 and earlier) for Windows and Macintosh • Adobe Acrobat 9.5.3 and earlier 9.x versions for Windows and Macintosh

According to Adobe, these vulnerabilities could allow the application to be exploited causing it to crash, and potentially allow an attacker to take control of the affected system.

Adobe has also acknowledged other reports which have identified that these vulnerabilities are being exploited in the wild, in targeted attacks, designed to trick Windows users into opening a malicious PDF file delivered in an email message.

Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.01 and earlier) for Windows and Macintosh, X (10.1.5 and earlier) for Windows and Macintosh, 9.5.3 and earlier 9.x versions for Windows and Macintosh, and Adobe Reader 9.5.3 and earlier 9.x versions for Linux.  These updates address the vulnerabilities detailed above.

The NCSC encourages administrators to review the full security bulletin from Adobe, available here, and apply these updates as soon as practicable.