Adobe fixes critical vulnerability in older versions of Acrobat and Reader
Adobe has released the Adobe Reader and Acrobat 8.1.4 and 7.1.1 updates for Windows and Mac to address a previously reported critical vulnerability, which was patched in version 9.1 last week. The vulnerability allowed malicious code to be injected and executed with the user's permissions by using a specially crafted PDF file. Users who have not yet updated to version 9.1 are advised to install the respective updates. According to Adobe, versions 9.1 and 8.1.4 should be available for Unix by the 24th of March.
The hole was patched in version 8.1.3, published in November of 2008, but is only now being patched in versions 9.1 and 7.1.1. The new security advisory does not contain any additional details and the associated CVE entry 2009-0927 was only reserved on the 17th of March.
This all seems to suggest that Adobe only releases information about vulnerabilities as a last resort, or when it can't be avoided. This practice generates information chaos concerning its security issues, which could very well have a negative effect on consumer confidence.
- Security Updates available for Adobe Reader and Acrobat, advisory from Adobe.
- Security updates for Foxit Reader, a report from The H.