In association with heise online

18 February 2010, 09:36

Adobe still distributing old vulnerable Reader

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Zoom The H Update Check finds the insecure version

Security service provider Secunia has reported that Adobe is still distributing versions of Adobe Reader that contain known vulnerabilities. On Tuesday, Adobe had warned in a security advisory of a critical vulnerability in version 9.3. Adobe stated it had released an out-of-series update to version 9.3.1 to fix the problem. However, users only get that more secure version through the update mechanism installed with Reader.

As a test by The H found, on the official download page Adobe is actually offering the old version. This was confirmed by The H Update Check which reported that the vulnerable 9.3.0 version was installed. Shortly after the built-in update mechanism in Reader kicked in and announced that a new version was ready for installation.

A similar problem occurred with Adobe in Summer 2009. Users should manually update by triggering the update mechanism (Select Help in Reader and then Check For Updates) immediately after installing the PDF reader - or just choose a safer alternative product.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit