Two critical holes closed in Adobe Reader and Acrobat
Users are advised to install the versions available for Windows, Mac OS X and Unix/Linux as soon as possible; this can either be done via the automatic update feature or by manual download:
In addition, version 8.2.1 is available for Windows and Mac OS X users who are unable to update to version 9.x for certain reasons. A study released by ScanSafe emphasises the importance of installing updates as quickly as possible. According to the study, the highest number of exploits monitored in the last quarter of 2009 targeted holes in PDF applications. ScanSafe analysed several billion web accesses. 80% of attacks exclusively targeted the Reader plug-ins in browsers.
The study also showed that 18% of attacks targeted Flash, which means that attacks on browser holes have now all but stopped. It seems that cross-browser plug-ins make work easy for criminals who no longer need to write browser-specific exploits. However, this would also mean that current tips for surfing the web with allegedly safe, alternative browsers are pointing in the wrong direction. Choosing alternative plug-ins such as the Foxit reader and creating secure configurations would be much more sensible advice.
- Security updates available for Adobe Reader and Acrobat, security advisory from Adobe.
- Adobe fixes critical vulnerability in Flash, a report from The H.