Cloud & Telecom Security

Adope官方已经确认再爆新漏洞。该漏洞存在于Windows, Macintosh, Unix版本的Adobe Reader和Acrobat 9.1.3和以前的版本（CVE-2009-3459），有报告称已经发现针对Windows版本的利用。漏洞细节详见下文报道：

Adobe is aware of reports of a critical vulnerability in Adobe Reader and Acrobat 9.1.3 and earlier (CVE-2009-3459) on Windows, Macintosh and UNIX. There are reports that this issue is being exploited in the wild in limited targeted attacks; the exploit targets Adobe Reader and Acrobat 9.1.3 on Windows.

Adobe plans to resolve this issue as part of the upcoming Adobe Reader and Acrobat quarterly security update, scheduled for release on October 13. Adobe Reader and Acrobat 9.1.3 customers with DEP enabled on Windows Vista will be protected from this exploit. Disabling JavaScript also mitigates against this specific exploit, although a variant that does not rely on JavaScript could be possible. In the meantime, Adobe is also in contact with Antivirus and Security vendors regarding the issue and recommends users keep their anti-virus definitions up to date.

We wish to thank Chia-Ching Fang and the Information and Communication Security Technology Center for their help with reporting and investigating this issue (CVE-2009-3459).

We will continue to provide updates on this issue via the Security Advisory section of the Adobe web site, as well as the Adobe PSIRT blog.