Adobe Closes Zero-day Hole in Reader, Acrobat

To ward off attacks reported in February that went after an unpatched, zero-day security hole in Reader and Acrobat, Adobe yesterday released a 9.1 update for Windows and Macintosh users.

The fix is only available for version 9, with an update for older 7 and 8 versions expected by March 18, the company says. Unix users will need to wait until March 25 for an update.

The flaw allows an attacker to take over a vulnerable PC if you open a poisoned .pdf file, usually sent as an e-mail attachment. Pick up version 9.1 asap, and see Adobe's bulletin for more information. Also be aware that, according to the Internet Storm Center, disabling Javascript on older 7 and 8 versions (a suggested workaround from Adobe) while you wait for an update won't protect you. You can still get nailed by an attack against this flaw if you disable Javascript, so your best bet is to update to the latest version.

Subscribe to the Security Watch Newsletter

Comments