Security Advisory for Adobe Reader and Acrobat
Release date: September 8, 2010
Last updated: October 5, 2010
Vulnerability identifier: APSA10-02
CVE number: CVE-2010-2883
A critical vulnerability exists in Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. This vulnerability (CVE-2010-2883) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild.
A fix is now available for Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 for Windows and Macintosh as of Tuesday, October 5, 2010. Please refer to Security Bulletin APSB10-21.
Affected software versions
- Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX
- Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh
Adobe categorizes this as a critical issue.
Adobe would like to thank Mila Parkour of http://contagiodump.blogspot.com for working on this issue with Adobe to help protect our customers.
October 5, 2010 - Updated with information on Security Bulletin APSB10-21
September 13, 2010 - Updated information on the release schedule, and that the releases represent the next quarterly security update (originally scheduled for October 12, 2010).
September 10, 2010 - Added the Mitigations section with instructions for a mitigation option for Windows users.
September 8, 2010 - Advisory released.