Lockheed Martin’s computer incident response team and the Defense Security Information Exchange, who both monitor potential security threats for military contractors and other organisations, have revealed that hackers have been exploiting a weakness in the most recent versions of Adobe Reader and Acrobat applications. Adobe have confirmed this and explained that the security weakness in the applications are allowing hackers to hijack computers which are using Microsoft Windows, putting confidential data at risk of being stolen.
Adobe’s advisory commented on this and stated that the weakness in the applications is “being actively exploited in limited, targeted attacks in the wild.”
So far, hackers have only targeted computers which use the Microsoft Windows operating system and Reader 9.x. However, other versions of these applications are also vulnerable to attack.
Adobe has already taken emergency measures in an attempt to improve the security measures and aim to release an update by the end of next week. These updates will only be for the Reader 9.x and Acrobat 9.x versions.
Adobe is taking its time to release the important updates for other versions and it is expected that they will release updates for Reader X and Acrobat X and other versions that run on the UNIX and OS X operating systems on January 10th. Brad Arkin, Adobe’s senior director of product security and privacy, has revealed that there is no need to rush with the other updates. He claimed that a security sandbox that has been built into Reader X has thwarted attacks and the versions that have been written for the operating systems, other than Microsoft Windows have not been targeted.
In a blog post, Arkin publicised the reason for staggering the release of the updates. He stated “Focusing this release on just Adobe Reader and Acrobat 9.x for Windows also allows us to ship the update much earlier. We are conscious of the upcoming holidays and are working to get this patch out as soon as possible to allow time to deploy the update before users and staff begin time off. Ultimately the decision comes down to what we can do to best mitigate threats to our customers.”
It is generally considered that Adobe’s efforts to improve the security of its software over the last year have been worthwhile as significant steps forward have been taken. The implementation of the sandbox to the version of Reader is generally seen as one of the most important factors which have helped to improve the security of the software. Another key factor is the speed that the Adobe team responds to security issues that arise and release a patch to make the application more secure.
Despite these improvements, Adobe still have some way to go as some versions of the application are still being targeted and exploited by hackers. It has been recommended that users switch to a version that hasn’t been targeted as much and those who need the software on a Windows operating system should switch to Reader X.