March 10th, 2009
Adobe PDF patch released, but only for some
After weeks of swinging and missing on proper response to a gaping security hole in its ever-present PDF Reader software, Adobe has finally shipped a patch but only for some affected users.
On the same day Microsoft issued its scheduled batch of patches, Adobe dropped a security bulletin warning of a “critical” vulnerability in Adobe Reader 9 and Acrobat 9 and earlier versions. However, if you are a user of one of those “earlier versions,” you’ll have to wait at least for another week.
[ SEE: Adobe swings and misses as PDF abuse worsens ]
The Adobe bulletin explains the severity:
- This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited.
Only Adobe Reader 9 and Acrobat 9 is patched.
- Adobe is planning to make available updates for Adobe Reader 7 and 8, and Acrobat 7 and 8, by March 18. In addition, Adobe plans to make available Adobe Reader 9.1 for Unix by March 25.
ALSO SEE:
Unofficial ‘patch’ for Adobe Reader, Acrobat zero-day
Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.
For daily updates on Ryan's activities, follow him on Twitter.
Subscribe to Zero Day via Email alerts or RSS.
