NEWS - February 20, 2013
by Carol~ - 2/20/13 1:15 PM
Adobe Patches Sandbox Escape Vulnerability in Reader and Acrobat
Adobe today released a patch for two vulnerabilities being exploited in the wild that enabled attackers to pull off the first confirmed sandbox escape against Adobe Reader.
The vulnerabilities (CVE-2013-0640 and CVE-2013-0641) could cause a crash and allow an attacker to remotely run malware on a compromised computer. They affect Adobe Reader and Acrobat XI (11.0.01 and earlier), X (10.1.5 and earlier) and 9.5.3 and earlier for Windows and Mac OS X systems.
Exploits were discovered by security company FireEye; spear phishing messages were sending victims infected PDF files purporting to be a travel visa application form called Visaform Turkey. Most of the messages were written in Italian. Researchers at Kaspersky Lab were among the first to confirm the sandbox escape, adding that the exploit worked against a fully patched 64-bit Windows 7 machine and Adobe Reader 11.0.1.
Continued : https://threatpost.com/en_us/blogs/adobe-patches-sandbox-escape-vulnerability-reader-and-acrobat-022013
Adobe Patches Sandbox-Escaping Vulnerabilities in Reader, Acrobat
Adobe updates Reader and Acrobat to patch vulnerabilities being exploited in the wild
See: Security Updates for Adobe Reader and Acrobat (APSB13-07)