Critical security update for Adobe Reader and Acrobat

Filed Under: Adobe, Malware, PDF, Vulnerability

Adobe logo
Adobe has issued a security bulletin urging users of its Adobe PDF Reader and Acrobat products to update their software before hackers take advantage of two critical vulnerabilities.

Adobe Reader 9.3 for Windows, Macintosh and UNIX, Adobe Acrobat 9.3 for Windows and Macintosh, and Adobe Reader 8.2 and Acrobat 8.2 for Windows and Macintosh are vulnerable to a flaw that could be exploited by hackers to make unauthorised cross-domain requests. This same vulnerability was revealed in Adobe Flash Player last week.

Meanwhile, another flaw could give hackers an opportunity to inject malicious code onto computers via vulnerable installations of Reader and Acrobat.

As we've mentioned many times before, it's essential that you keep your installations of Adobe's software up-to-date as they are increasingly being taken advantage of by hackers to launch attacks.

Adobe recommends users of Adobe Reader 9.3 and earlier versions for Windows, Macintosh and UNIX update to Adobe Reader 9.3.1 if possible. Similarly, Adobe Acrobat should be updated to version 9.3.1. It's a shame, therefore, that Adobe's Reader advisory makes such a bad job of linking to the right files.

For instance, the link it is giving for the Mac update actually links to a page full of Windows files:

A not entirely helpful link for Mac users

Hopefully Adobe will sort that out soon, and make it clearer where users can download the right patches for their operating system from. I, for one, am still finding it difficult to locate Adobe Reader 9.3.1.

Update: Thanks to Adobe's @bradarkin who managed to get the broken Mac link fixed.

It turns out that part of my difficulty in finding Adobe Reader 9.3.1 is that Adobe isn't listing its updates on its website in chronological order ("for reasons unknown").

Adobe Reader updates

, , ,

You might like

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.