Adobe plugs PDF exploit with Acrobat and Reader revisions

Stephen Withers
Thursday, 12 March 2009 03:33

Your IT - Home IT

Adobe has updated Acrobat 9 and Reader 9 to fix a critical vulnerability that was being actively exploited with malicious PDF files.

A vulnerability in several versions of Acrobat and Reader could be exploited by maliciously crafted PDF files to cause crashing or to cause arbitrary code execution.

There have been reports that the vulnerability has been used in highly targeted attacks on large organisations. One exploit installs a remote access backdoor on Windows systems.

The problem apparently relates to the handling of JBIG2 data - a compression scheme for bi-level (eg black or white with no shades of grey) images.

Adobe has delivered on its promise to provide a fix by March 11.

Adobe Acrobat 9.1 and Reader 9.1 are now available for Windows and Mac OS X and plug this security hole.

They also address a number of customer workflow issues, according to Adobe officials, and improve the stability of the products.

The Unix version of Reader 9.1 should be available by March 25.

For those unable to run Acrobat 9 or Reader 9, Adobe plans to release a corresponding update for versions 7 and 8 by March 18.

Reader 9.1 is available here, while updates for Acrobat are available via this page on Adobe's site.