Adobe posted a vulnerability report warning that vulnerabilities in Adobe Reader and Acrobat XI (11.0.1) and earlier versions are being exploited in the wild. Adobe is currently investigating this issue.
"On February 13, 2013, Adobe released a security advisory for new vulnerabilities, CVE-2013-0640 (BID 57931) and CVE-2013-0641 (BID 57947), in Adobe Reader and Acrobat being exploited in the wild. Adobe is currently working on a fix.
"Though the attack appears to be limited, we advise customers to exercise caution when opening PDF files from unknown sources. Customers are advised to apply the patch once it becomes available."
I.D.S. has been released, so please Run Norton LiveUpdate to make sure you have these installed. Current I.D.S. are 20130214.001. Virus Defintions - 02/14/2013, Rev. 005 - have also been released.
In a previous blog, Symantec reported on a new Adobe zero-day vulnerability (CVE-2013-0640, CVE-2013-0641) affecting Adobe Reader and Acrobat XI (11.0.1) and earlier versions, that was being actively exploited in the wild. Adobe has yet to release a patch for this zero-day, but in an advisory they have provided a means of mitigation against the attack.
Latest Virus Definitions: 02/19/2013, Rev. 003. Please make sure you have this Set installed as soon as possible as there are multiple New Detections Added For This Release.
The report, APT1: Exposing One of China's Cyber Espionage Units, published by Mandiant earlier this week has drawn worldwide attention by both the security world and the general public. This interest is due to the conclusion the report has drawn regarding the origin of targeted attacks, using advanced persistent threats (A.P.T.), performed by a certain group of attackers dubbed the Comment Crew. You can read Symantec’s response to the report here.
Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.01 and Earlier) for Windows and Macintosh, X (10.1.5 and Earlier) for Windows and Macintosh, 9.5.3 and earlier 9.x Versions for Windows and Macintosh, and Adobe Reader 9.5.3 and Earlier 9.x versions for Linux. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.