Adobe PDF Bug Eases Way for Thieves

Adobe has patched a new problem with cross-site scripting (or XSS) in its Acrobat and Reader browser plug-ins that, according to security researchers, gave criminals an incredibly simple way to enter your system. Adobe says attackers could exploit the flaw through one easy-to-add line of programming in a doctored PDF and thereby take control of a computer.

Any browser that has the plug-in loaded is affected, so users of Firefox and Opera are as much at risk as IE users. Versions 7.0.8 and earlier of Acrobat and Reader are vulnerable. Adobe recommends upgrading to Acrobat 8 or, if that isn't possible, to 7.0.9 (6.0.6 for users who are limited to older editions). Get all the updates and more details from the Adobe Security Bulletin.

Early Vista Bug

Windows Vista may be much more secure than previous versions of Windows, but don't let your guard down just yet. Microsoft has acknowledged a privilege-escalation bug that affects XP and Vista alike. The problem, though not nearly as dangerous as many XP bugs, could allow an attacker to make system changes that Vista's User Account Control feature would otherwise block. Microsoft hasn't provided a planned fix date. For more information, see the Microsoft Security Response Center Blog.

QuickTime Flaw

Apple has patched another critical hole in its popular media software that affects both the Mac OS X and Windows (XP and 2000) versions. First revealed by the "Month of Apple Bugs" online project, the flaw enables attacks that use poisoned links starting with "rstp://" to take over your PC. Grab the patch at the Apple Downloads page.

Stuart J. Johnston is a contributing editor for PC World.