The flaw impacts Reader and Acrobat 9.1.3 and earlier Windows, Mac, and UNIX, but the current attacks are only targeting Windows. Adobe plans on fixing the issue in their scheduled quarterly patch release on October 13, 2009.
Disabling JavaScript may not protect you from all variants of the attack. Adobe has yet to publicly disclose the actual vulnerability, obviously hoping to limit attacks until they roll out their quarterly release. Antivirus vendors have been notified, and hopefully they are distributing AV definitions that alert on the known variants.
No comments:
Post a Comment
Please tell me what you think.