Ladies and Gentlemen, update your PDF readers..

Last month we warned you about a critical zero-day vulnerability in the ubiquitous Adobe PDF Reader that was being exploited by hackers to infect computers.

The risk is that hackers could craft a malformed PDF file that triggers the vulnerability, allowing them to open a backdoor and run malware on your computer. Using this technique it would be simple for cybercriminals to spam out a PDF file that would infect your PC, or plant malicious PDF content on a website.

When the vulnerability was discovered, there was concern because Adobe said they would not be rolling out a patch until March 11th, even though we had already seen the exploit being used.

So, it's with some relief that we can now confirm that Adobe has issued an update which reportedly fixes the vulnerability. Windows and Apple Mac users can read more and download Adobe Reader 9.1 from Adobe's website. I strongly recommend that if you use Adobe Acrobat Reader, you download this update as soon as possible.

The only fly in the ointment is that Unix users have not had their version of Reader updated by Adobe. According to the firm, they may have to wait until March 25th.

One other thing to note is that Adobe's software is not the only PDF-reading solution that requires a security update.

Some internet users decided some time ago to use the alternative PDF reader Foxit Reader, claiming that it is speedier, has a smaller memory footprint and obviously isn't necessarily vulnerable to the same exploits as Adobe's product.

However, in a useful reminder to us all that every piece of software needs to be kept up-to-date with security patches, Foxit Software has announced that its product has also been updated to fix a number of security vulnerabilities. Read more and download an up-to-date version of Foxit Reader from their website.

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations.