Adobe has announced that two vulnerabilities with its Acrobat and Reader applications are being exploited in the wild via a malicious PDF file attached to an email. If a user attempts to open the PDF file, their system will be attacked via the critical vulnerabilities, as well as the potential for the application to crash. Adobe is working on a rolling out a fix for the vulnerabilities, but until then users should exercise caution when downloading attachments.
The PDF attack targets Windows users, but all three major operating system – Windows, Mac OS X, and Linux – are affected by the vulnerabilities CVE-2013-0640 and CVE-2013-0641. Until the company gets a patch pushed out, it recommends that users update their anti-malware software to the latest definitions, and ensures that it is running at all times when using the applications.
Adobe Reader and Adobe Acrobat XI versions 22.214.171.124 and earlier for Windows and OS X, Reader X 10.1.5 and earlier for Windows and OS X, and Reader 9.5.3 and earlier 9.x versions for all Windows, Mac OS X, and Linux are all affected by the two vulnerabilities. Windows users running Reader XI and Acrobat XI can both take steps to protect themselves until the fix is released, however.
Within the applications, Windows users running the above mentioned versions of either XI application should enable “Protected View,” which can be found under Edit > Preferences > Security (Enhanced). From that menu, select “Files from potentially unsafe locations,” which will help guard against malicious PDF files. Admins can enable Protected View in the registry for enterprises with security concerns.