Adobe Reader/Acrobat: gravi vulnerabilità versioni 9-X-XI

[mauripucci]

come da titolo Adobe segnala gravi "falle" in tutte le versioni di Adobe Reader e Acrobat:

Security Advisory for Adobe Reader and Acrobat
prego notare la data: Release date: February 13, 2012- Last updated: February 14, 2012
come è possibile? considerato che alcune delle versioni segnalate (10.1.5) sono state rilasciate ieri?
chiaramente nella fretta del comunicato c'è stato l'errore... confermato dalla data in fondo al documento:
REVISIONS
February 14, 2013: Advisory updated with information on Linux platform.
February 13, 2013: Advisory released.

AFFECTED SOFTWARE VERSIONS
Adobe Reader XI (11.0.01 and earlier) for Windows and Macintosh
Adobe Reader X (10.1.5 and earlier) for Windows and Macintosh
Adobe Reader 9.5.3 and earlier 9.x versions for Windows, Macintosh and Linux
Adobe Acrobat XI (11.0.01 and earlier) for Windows and Macintosh
Adobe Acrobat X (10.1.5 and earlier) for Windows and Macintosh
Adobe Acrobat 9.5.3 and earlier 9.x versions for Windows and Macintosh

il consiglio è... di collegarsi al forum di Adobe... in attesa di ... up to date!

DETAILS
Adobe has identified critical vulnerabilities (CVE-2013-0640, CVE-2013-0641) in Adobe Reader and Acrobat XI (11.0.01 and earlier) for Windows and Macintosh, X (10.1.5 and earlier) for Windows and Macintosh, 9.5.3 and earlier for Windows and Macintosh, and Adobe Reader 9.5.3 for Linux. These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system.

Adobe is aware of reports that these vulnerabilities are being exploited in the wild in targeted attacks designed to trick Windows users into clicking on a malicious PDF file delivered in an email message.

Adobe is in the process of working on a fix for these issues and will update this advisory when a date for the fix has been determined.
Users may monitor the latest information on the Adobe Product Security Incident Response Team blog at http://blogs.adobe.com/psirt" onclick="window.open(this.href);return false; or by subscribing to the RSS feed at http://blogs.adobe.com/psirt/atom.xml" onclick="window.open(this.href);return false;.

Adobe actively shares information about this and other vulnerabilities with partners in the security community to enable them to quickly develop detection and quarantine methods to protect users until a patch is available. As always, Adobe recommends that users follow security best practices by keeping their anti-malware software and definitions up to date.

http://www.adobe.com/support/security/a ... 13-02.html" onclick="window.open(this.href);return false;

[mauropasha]

Per fortuna noi abbiamo Anteprima!