Guessing games regarding Adobe Reader update
Adobe has released an updated version of its Reader software that fixes some unknown vulnerabilities. The release notes mention in passing that the update fixes vulnerabilities in version 8.1.2 of Acrobat reader, but the vendor neglects to clarify their level of severity. In the security community this procedure is usually referred to as 'silent fixing', meaning a policy of restricting information to keep the true scale of the problem secret. This has led to some disquiet among security specialists. Adobe has since released a security advisory which indicates a number of critical vulnerabilities, but still gives no further information on them.
A brief report that an attacker could gain control of a printer by exploiting another vulnerability was recently published on a security mailing list. Whether spammers have yet spotted the potential for this as a new way of distributing their wares is not known. Users should switch to the latest version 8.1.2, which is available via download for Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows 2003 Server, Windows Vista and Mac OS X.
- Security update available for Adobe Reader and Acrobat 8, security advisory from Adobe