Posted by: David Harley | February 14, 2013

CVE-2013-0640, CVE-2013-0641, and Mac users [updated]

[Further update (21st February): for the Adobe update itself see Security updates available for Adobe Reader and Acrobat. Further commentary by Paul Ducklin here, and by John Leyden here.]

[Update (18th February): Adobe has announced that it “plans to make available updates for Adobe Reader and Acrobat XI (11.0.01 and earlier) for Windows and Macintosh, X (10.1.5 and earlier) for Windows and Macintosh, 9.5.3 and earlier 9.x versions for Windows and Macintosh, and Adobe Reader 9.5.3 and earlier 9.x versions for Linux during the week of February 18, 2013.” Further announcements via (Hat tip to Randy Knobloch.) You might want to subscribe to the Adobe Notification service.]

For Sophos, Paul Ducklin points out a problem with the current Adobe exploit as far as Mac users are concerned: No patch yet for Adobe PDF exploits – Adobe suggests a workaround, but Mac users need not apply.

While Adobe’s bulletin notes that Mac users and Windows users may experience the problem,  the suggested mitigation (turning on Protected View in Reader/Acrobat XI) isn’t available to Mac users. (In fact, versions 9, X and XI are currently susceptible. Fortunately, Preview isn’t.)

David Harley
Mac Virus/Small Blue-Green World
ESET Senior Research Fellow

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

%d bloggers like this: