Adobe Fixes Sandbox Flaw Used In Attacks
Sandbox will continue to evolve with tighter security, Adobe says.
When Adobe was alerted earlier this month to two critical zero-day bugs in Reader and Acrobat that were being actively abused in targeted attacks, there was a looming sense of déjà vu. This wasn't the first time Adobe had dealt with and fixed vulnerabilities in its sandbox, but it was the first time bugs that beat the sandbox were being exploited in the wild in real attacks.
One week after issuing an advisory about the attacks, Adobe on Wednesday released patches for Adobe Reader and Acrobat that fix the two flaws used in attacks that tried to lure users into clicking on malicious PDFs in email messages. The APSB13-07 security update addresses the "critical vulnerabilities" in Adobe Reader and Acrobat XI (11.0.01 and earlier) for Windows and Mac machines; X (10.1.5 and earlier) for Windows and Macintosh; 9.5.3 and earlier 9.x versions for Windows and Macintosh; and Adobe Reader 9.5.3 and earlier 9.x versions for Linux....