Security hole in Adobe Reader
- By Joab Jackson
- Nov 05, 2008
A recently unearthed vulnerability in older versions of Adobe Reader software leaves users vulnerable to Web-based attacks, according to an alert
released by Adobe.
Version 8.1.2 of the Portable Document Format (PDF) Reader and earlier versions possess this vulnerability, as do versions 8.12 and earlier of the Adobe Acrobat Professional, 3-D, and Standard editions.
The company recommends upgrading
to version 9 of Reader. If moving to version 9 is not feasible, users can also upgrade to version 8.1.3, also available from the same page.
For the Acrobat PDF authoring application, the company is offering updated versions to download, for both Microsoft Windows
, and Macintosh
The patches also address several other less-critical vulnerabilities.
In addition to updating the software, users may take further action to prevent such attacks from occurring. As PDFs found online are frequently opened directly from Web browsers, the United States Computer Emergency Readiness Team recommends
According to Core Security Technologies, the research company that found the vulnerability, the problem
This vulnerability is currently under review as a candidate for the National Vulnerability Database, under Common Vulnerabilities and Exposures (CVE) numbers CVE-2008-4817
Joab Jackson is the senior technology editor for Government Computer News.