Adobe Systems on Sunday reported that this week will release an emergency patch for two critical zero-day vulnerabilities in the product Adobe Reader, designed to work with PDF-files.
The company said that the vulnerability, which is planned for release fixes are already being used by hackers. The company does not say when it will fix, says only that it will happen this week.
According to Adobe, the vulnerability of the first became known on Thursday, it affects Reader versions for Windows, OS X and Linux. As an independent company FireEye, Adobe is sending information about the vulnerability, report that they have identified the vulnerability of February 13, but even then attackers used a bug in Adobe Reader. we know that a bug related to setting aside “sandbox” in Reader 10 and 11.
The second bug was reportedly linked to the remote execution of code embedded in a specially designed malicious PDF-files. It is reported that this bug also works even when the mode Protected View.
Recall that the so-called “sandbox” or among isolated execution is present only in the Windows-version of Adobe Reader.
MALWARELIST.net - Your Information Security Source 