Symantec Security Threatcon Status for 2009-10-08

Adobe has released a security advisory to discuss a critical vulnerability affecting Reader and Acrobat 9.1.3 and earlier on Windows, Macintosh, and Unix platforms. The vendor reports that the issue is being exploited in the wild in limited targeted attacks. The in-the-wild exploit targets Reader and Acrobat 9.1.3 on Windows platforms.

A fix for this issue will be released in the Adobe Reader and Acrobat quarterly security update, which is scheduled to be released on October 13, 2009.

In the meantime, users are advised to:

- Ensure that DEP is enabled.
- Ensure that JavaScript is disabled for Reader and Acrobat.
- Ensure that antivirus software is up to date.

Adobe Acrobat Reader Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36600

APSB09-15 Security Advisory for Adobe Reader and Acrobat
http://www.adobe.com/support/security/bulletins/apsb09-15.html

Adobe Reader and Acrobat issue
http://blogs.adobe.com/psirt/2009/10/adobe_reader_and_acrobat_issue_1.html