Plug Critical Hole in Adobe Reader

A new patch from Adobe, released yesterday, closes a critical hole in Adobe Reader and Acrobat that could potentially allow an attacker to take control of a vulnerable system.

The flaw affects Adobe Reader 9.1 and earlier, as well as Adobe Acrobat Standard, Pro and Pro Extended 9.1. Updates are availabe for Windows, Mac and UNIX versions (the UNIX patch also fixes a second flaw that only affects that platform).

These days, the bad guys often go after flaws in programs rather than in the operating system, and Adobe's Reader and Acrobat have been especially attractive targets lately. (Office apps are another popular target, and Microsoft patched PowerPoint yesterday).You can get the patch right away by starting the program and clicking Help | Check for Updates. Click Preferences in the resultant pop-up to verify that Reader is set to automatically check for patches every week.

This patch fixes a hole disclosed in April, and Adobe had previously advised disabling Javascript in Reader to guard against potential attacks. Find those instructions in Adobe's initial warning, and for more details and links see Adobe's security bulletin.

To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.
Shop Tech Products at Amazon