Adobe Closes Zero-day Hole in Reader, Acrobat

To ward off attacks reported in February that went after an unpatched, zero-day security hole in Reader and Acrobat, Adobe yesterday released a 9.1 update for Windows and Macintosh users.

The fix is only available for version 9, with an update for older 7 and 8 versions expected by March 18, the company says. Unix users will need to wait until March 25 for an update.

The flaw allows an attacker to take over a vulnerable PC if you open a poisoned .pdf file, usually sent as an e-mail attachment. Pick up version 9.1 asap, and see Adobe's bulletin for more information. Also be aware that, according to the Internet Storm Center, disabling Javascript on older 7 and 8 versions (a suggested workaround from Adobe) while you wait for an update won't protect you. You can still get nailed by an attack against this flaw if you disable Javascript, so your best bet is to update to the latest version.

Shop ▾
arrow up Amazon Shop buttons are programmatically attached to all reviews, regardless of products' final review scores. Our parent company, IDG, receives advertisement revenue for shopping activity generated by the links. Because the buttons are attached programmatically, they should not be interpreted as editorial endorsements.

Subscribe to the Security Watch Newsletter