Network News

X My Profile
View More Activity

Adobe Issues Critical Acrobat, Reader Updates

Adobe has issued a software update to fix at least eight security flaws in its Acrobat and Adobe Reader applications, that if left unpatched could be used by attackers to take control of vulnerable systems, the company said. The vulnerabilities affect Acrobat and Reader versions 8.1.2 and earlier.

adobesig.jpg

Adobe characterizes this as a "critical" update -- its most serious rating -- meaning the flaws could let an attacker run and install malicious software on a victim's computer without the victim's knowledge.

Updates are available for Reader versions on Microsoft Windows, Linux/Solaris and Mac OS X.

The software maker says users with Adobe Reader 8.0 through 8.1.2, who can't update to Adobe Reader 9, should update to Adobe Reader 8.1.3, and that the latest full version of both products, Adobe Reader 9 and Acrobat 9, are not vulnerable to these issues. Links to updates for different versions of Acrobat are available in Adobe's security advisory.

Adobe adds that it is not aware of any reports that these issues are being exploited in the wild. Rather, all were privately reported to the company. Interestingly, six out of eight of the flaws were reported to Adobe by researchers who sold the information to vulnerability management firms like iDefense and TippingPoint.

These companies and others that buy up vulnerability findings from researchers, yet also mange the notification of the affected vendors, often have been criticized by many in the security community for cashing in on security flaws. Like it or not, however, the research these firms purchase is making up an increasing share of the flaws fixed in a number of major commercial software updates.

By Brian Krebs  |  November 5, 2008; 7:00 AM ET
Categories:  Latest Warnings , New Patches , Safety Tips  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Election Hoax Sent Via D.C. Based E-Campaign Group
Next: Malware Piggybacks on Obama Win

Comments

This is very convenient for Adobe. Adobe 9 is silently packaged with something called "Adobe Air" and "Acrobat.com".

Posted by: moike | November 5, 2008 8:28 AM | Report abuse

There is an alternative. "FixIt" is a great .pdf reader that takes up much fewer resources than Adobe and is also faster. It also doesn't get pushed out with junk attached like moike points out.

On a side note, Quicktime is starting to package extra junk too. If installing that, make sure you de-select it (unless you want it of course).

Posted by: hokiealumnus | November 5, 2008 9:01 AM | Report abuse

Err ...typo. The program is "FoxIt". Get it here: http://www.foxitsoftware.com/pdf/rd_intro.php

Posted by: hokiealumnus | November 5, 2008 9:02 AM | Report abuse

BK, do you know someone at Adobe I could contact directly for help with Flash Player? I tried going through the customer service portal, but the guy just gave me boilerplate answers that didn't help, and I haven't heard back from him in five days.

I have the latest version of the Firefox player installed, but many websites can't detect it. One of the pages that doesn't work is the "Test Drive" feature in the Post's Sunday Source section.

I think a registry cleaner I used may have messed up the permissions for the program, but I'm not sure how to confirm that.

I've tried uninstalling and reinstalling the player several times, and made sure the Adobe files were gone before reinstalling. Javascript is enabled.

This is getting frustrating. Thank you for any suggestions you (or others) can offer me.

Posted by: Heron | November 5, 2008 2:29 PM | Report abuse

Heron -- Forgive me for asking the obvious, but are you using Noscript for Firefox? That blocks most flash by default. Anyway, just thought I'd start with the obvious.

Posted by: BTKrebs | November 5, 2008 2:33 PM | Report abuse

Yes, I use NoScript, but I have it set up to allow the features I like. This problem started several weeks ago; before then, I didn't have any trouble with Flash.

Posted by: Heron | November 5, 2008 2:42 PM | Report abuse

Oh, and I know it's not NoScript's fault, since Flash doesn't work correctly on those sites in IE or Opera, either.

Posted by: Heron | November 5, 2008 3:01 PM | Report abuse

I have an "interesting" problem: I can't update OR delete Adobe Reader. Every time I try I end up with a message saying, in effect, it needs Adobe Reader 7.0.5.msi to proceed. I point the message to the file I have by that name, but it only comes back with the same message.

Anyone have any thoughts on how to delete and reinstall the Reader.

Posted by: jim98851 | November 6, 2008 8:42 AM | Report abuse

Jim -- Have you tried the suggestions at this page here?

http://kb.adobe.com/selfservice/viewContent.do?externalId=kb400654&sliceId=2

Posted by: Brian Krebs | November 6, 2008 11:40 AM | Report abuse

Jim -- Also, Microsoft's uninstall cleanup utility may be of use here:

http://support.microsoft.com/default.aspx?scid=kb;en-us;290301

Posted by: Brian Krebs | November 6, 2008 11:42 AM | Report abuse

"... Adobe... is not aware of any reports that these issues are being exploited in the wild..."

That changed today: http://isc.sans.org/diary.html?storyid=5312
Last Updated: 2008-11-07 15:54:09 UTC

Time for Foxit (free): http://www.foxitsoftware.com/downloads/
Latest version: Foxit Reader 2.3 (.exe) 2.3 Build 3309

.

Posted by: PC-tech | November 7, 2008 1:41 PM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company