Zero day exploit for Adobe Acrobat is now in the wild

On the 20th of September, Gnucitizen discover a flaw in Adobe Acrobat Reader. They didn't release any exploit code so Adobe could fix it.

But someone has read the advisory and released a Proof of Concept through the full disclosure mailinglist.

As far as I have been following the story, Adobe hasn't released a patch for this at the moment.
For the recent versions, there is a workaround (SANS ISC). For the older versions, Host intrusion prevention and gateway scanning might be the only defence for now.

No comments: