In March of this year, Adobe released Version 9 of their free PDF display software, Adobe Reader. Not long after, they acknowledged several security flaws in all previous versions. In November they released Version 9.1, which addressed the most egregious errors.
A month later they released another security warning and update which was supposed to go even further in stopping the abuses that hackers were able to perpetrate. They promised to re-write more of the basic code (hardening) so that they wouldn’t have problems in the future.
The future came early. For the last several weeks there have been continuous updates that were labeled Urgent.
Sub-bottom Line: Versions before 9.1 have a vulnerability that lets executables run with ‘no click’ from the user. Make certain to upgrade all computers in your domain now: the computer you don’t change can affect (infect) those you do. Remember, Adobe has found exploits of Reader in the field.
This week, Adobe announced a new Security Update and said that they were going to release upgrades on a 3 month cycle, on dates similar to those Microsoft uses for their monthly security patches.
Adobe reiterated that users must look to anti-virus programs for protection.
What are the problems and what does it mean to you?
Obviously, it is common to receive PDF files. What isn’t well understood is that within the file there can be executable code. That would be fine if it were only multimedia files. But hackers have figured out how to put trojans and viruses into the PDF, which can execute as you read.
These trojans might do nothing obvious, but they could sit in the background collecting data. They might hang out until they decide that circumstances are ripe for spreading onto your network.
SOLUTION: Stop reading this article and upgrade every single copy of Reader on every computer you can get your hands on.
Click here to <a href="http://www.adobe.com/support/security/bulletins/apsb09-03.html">download the Adobe update</a>.