Adobe yesterday finally plugged a security hole in its popular Acrobat Reader (for .PDF files), a hole that had been left open for almost two months.

adobe_logo_sml

That delay in addressing the issue, considered excessive by many,generated a lot of criticism toward Adobe. TLP’s resident security expert, Eric Jacksch, takes a detailed look at that kafuffle in a separate story today.

In its official advisory, Adobe notes that the vulnerability had some pretty serious potential consequences…

A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited.

Adobe recommends that Users of Reader and Acrobat 9.0 update, now, to version 9.1. Updates for versions 7 and 8 should be available in about a week.

Leave a Reply