As documented at – http://www.adobe.com/support/security/advisories/apsa11-04.html , vulnerabilities have been identified in Reader X and Acrobat X. The vulnerabilities are not exploitable due to the sandbox features incorporated in version X. Versions prior to X are exploitable. Patches for versions prior to X are expected during the week of Dec 12, 2011. Patches for version X will not be released until the normal patch cycle date of Jan 10, 2012
NOTE: To verify that Protected mode is enabled, perform the following actions:
Adobe Reader X Protected Mode and Adobe Acrobat X Protected View would prevent an exploit of this kind from executing.
- To verify Protected View for Acrobat X is enabled, go to: Edit >Preferences > Security (Enhanced) and ensure “Files from potentially unsafe locations” or “All files” with “Enable Enhanced Security” are checked.
- To verify Protected Mode for Adobe Reader X is enabled, go to: Edit >Preferences >General and verify that “Enable Protected Mode at startup” is checked.
Update December 19 –
Updated versions of Acrobat and Reader for version 9.x have been released. They are available at the following URLs.