In an announcement today the folks at Adobe let us in on an 0-day vulnerability that is causing issues for their Reader and Acrobat products. This has become the resident running joke in the security community.
From Adobe announcement:
A critical vulnerability exists in Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. This vulnerability (CVE-2010-2883) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild.
Adobe is in the process of evaluating the schedule for an update to resolve this vulnerability.
In the meantime refrain from opening files from untrusted sources blah blah blah. This hamster wheel of pain is trying at the best of times.
(Image used under CC from elycefeliz)
I am not even surprised when I see Adobe 0 days at this point. How long until they decide it’s just time for a complete rewrite?
@Brooks I couldn’t agree more. It has gone well beyond the absurd at this point.