Adobe has posted information about a known critical security vulnerability affecting Adobe Reader and Adobe Acrobat on Windows, Mac and Unix operating systems. According to Adobe there are reports about a limited attack on the Windows versions of Adobe Reader and Adobe Acrobat 9.1.3 (and most likely earlier). A patch that is fixing the issue will be released by Adobe on October 13 for all operating systems as part of the Adobe Reader and Acrobat quarterly security update.
Windows Vista and Windows 7 who have DEP enabled (that’s Data Execution Prevention) are protected from the exploit. Users who work with different operating systems are encouraged to disable JavaScript to protect against the specific known exploit. Adobe mentions that it is on the other hand possible to create an exploit that does not rely on JavaScript.
Adobe plans to resolve this issue as part of the upcoming Adobe Reader and Acrobat quarterly security update, scheduled for release on October 13. Adobe Reader and Acrobat 9.1.3 customers with DEP enabled on Windows Vista will be protected from this exploit. Disabling JavaScript also mitigates against this specific exploit, although a variant that does not rely on JavaScript could be possible. In the meantime, Adobe is also in contact with Antivirus and Security vendors regarding the issue and recommends users keep their anti-virus definitions up to date.
Probably the best protection at this point is to uninstall Adobe Reader and Adobe Acrobat and install a third party pdf viewer like Foxit Reader, muPDF or STDU Viewer. Additional information are available at the Adobe website.
Update: New versions of Adobe Reader and Adobe Acrobat have been released by Adobe Software. The new versions are available for download at Adobe, or via the program’s internal update mechanism. Users who upgrade to the latest version are no longer vulnerable to this particular exploit.
Enjoyed the article?: Then sign-up for our free newsletter or RSS feed to kick off your day with the latest technology news and tips, or share the article with your friends and contacts on Facebook or Twitter.Related Articles:
Adobe Reader and Acrobat Critical Security UpdateAnother Adobe Reader Zero Day Vulnerability In The Wild
Adobe Still Offering Insecure Adobe Reader Version
Adobe Security Updates For Flash, Adobe Reader
Adobe Reader and Acrobat Security Updates
Besides the frequent security issues, Adobe Reader install size is 200MB+(yes, 200MB to read pdf’s) while FoxIt install size is 7MB. Hmmmm.
Anybody who uses Adobe Acrobat is a vulnerability. With better and free alternatives like PDF-Xchange you will get no sympathy here.
foxit 100%
adobe 0%
adobe is bloatware