Adobe has issued a security advisory regarding a zero-day vulnerability that is being exploited in the wild against Windows computers. This critical flaw affects Adobe Reader and Acrobat for Mac, as well as Windows and Unix, but attacks are only being seen against Windows computers for now. As Adobe says in their security advisory:
This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that the vulnerability is being actively exploited in limited, targeted attacks in the wild against Adobe Reader 9.x on Windows.
So, Mac users don’t need to worry yet. However, given that “Adobe categorizes this as a critical issue,” there will be a fix for the Mac versions of these programs “as part of the next quarterly update scheduled for January 10, 2012.”
These kinds of zero-day attacks are increasingly common against Adobe Reader and Acrobat, as PDFs are ubiquitous. As of yet, we have not seen any of these attacks target Macs, but it is certainly possible that Macs will be attacked in the future.
Remember, you can use Preview to view and annotate PDFs on Mac OS X. Unless you need special features that are present in Adobe’s software, this is the safest thing to do.
