In association with heise online

20 March 2009, 09:48

Adobe fixes critical vulnerability in older versions of Acrobat and Reader

Adobe has released the Adobe Reader and Acrobat 8.1.4 and 7.1.1 updates for Windows and Mac to address a previously reported critical vulnerability, which was patched in version 9.1 last week. The vulnerability allowed malicious code to be injected and executed with the user's permissions by using a specially crafted PDF file. Users who have not yet updated to version 9.1 are advised to install the respective updates. According to Adobe, versions 9.1 and 8.1.4 should be available for Unix by the 24th of March.

Previously, Adobe seemingly forgot to issue a security advisory about all of the issues that were addressed with the release of version 9.1. Adobe has now issued a security memo about "an input validation issue in a JavaScript method" that describes another critical vulnerability patched in the update.

The hole was patched in version 8.1.3, published in November of 2008, but is only now being patched in versions 9.1 and 7.1.1. The new security advisory does not contain any additional details and the associated CVE entry 2009-0927 was only reserved on the 17th of March.

This all seems to suggest that Adobe only releases information about vulnerabilities as a last resort, or when it can't be avoided. This practice generates information chaos concerning its security issues, which could very well have a negative effect on consumer confidence.
