13 January 2010, 13:02

Security update released for Adobe Reader and Acrobat

Adobe Logo Adobe has published the long-awaited 9.3 update for its Adobe Reader and Acrobat products to close a hole that has been seen being exploited in the wild for several weeks. The update also remedies seven other vulnerabilities, five of which allow attackers to infect a system by means of specially crafted PDF files. The attacks do not even require the special file to be opened manually. For an attack to be successful, a user only has to visit a manipulated website with the Reader plug-ins installed in their browser. In addition to version 9.2, the flaws also affect Adobe Reader 8.1.7 and Acrobat 8.1.7 for Windows and Mac OS X.

The new versions can be downloaded for Windows, Mac OS X and Linux. The vendor recommends that users switch to versions 9.x as soon as possible. Users of versions 8.x who cannot upgrade to 9.x for whatever reason should install 8.2 for Windows and Mac. Support for 8.x has, however, expired for Linux users. Their only recourse is the latest 9.3 update.

This update also marks the first "silent update" of the Adobe Reader for beta testers; the software is updated without prompting the user. If the test run goes well, the vendor plans to integrate the function in the official version of Reader. However, if they choose to users will be able to disable the option.

Adobe has also announced that there was an attack on its corporate network at the beginning of the year. Described as clever and coordinated, the attacks apparently also affected other companies. Adobe does not say whether these were the same attacks that Google reported, but Adobe assures users that no crucial data was lost, and the matter continues to be investigated. Adobe promises to use the insights gathered to beef up its infrastructure.

See also: