It was a relatively quiet Patch Tuesday for Microsoft this month, with just one security update being issued for Windows users (and even then, it was only rated “critical” for users of Windows 2000).
But it was a different matter entirely for Adobe, who on the same day issued fixes for multiple vulnerabilities in its Adobe Reader and Adobe Acrobat software, one of which has been actively exploited by hackers (and detected by Sophos as Troj/PDFJs-FS since mid-December).
If you’re a user of Adobe Reader and Acrobat (and, let’s face it, most of you are) then please go and read the security bulletin, and download the updated versions right now.
All you had to do was adjust the appropriate option under the Edit / Preferences menu:
Malicious PDFs are one of the favoured methods used by the bad guys to launch a spear-phishing or targeted attack against companies – so the best way to protect your business is to ensure that you have proper security in place, and are running a fully-patched version of Adobe’s products.