Adobe is urging users to be cautious when handling PDF files after hackers used a flaw in Adobe Reader and Adobe Acrobat to attack users' systems.
In a security bulletin, Adobe said it had received reports of attacks targeting a previously unknown flaw in Adobe Reader and Acrobat.
When exploited, the flaw allows an attacker to execute code and steal data on systems remotely.
The issue is believed to affect version 9.0 and earlier of both applications. The way the programs handle JavaScript within PDF files is said to be the problem.
Adobe expects to issue a patch for the problem by 11 March but I would like to say “I am not holding my breath here”.
Let's face it; this is not the first problem that has been with the Adobe Acrobat Readers. We have had holes like this before an d it took a while before any patched were available.
It is a shame that the Open Source PDF readers are not as yet all ready to do the same as Acrobat Reader when available for Windows. In most cases the readers for Linux can do exactly the same as Adobe Reader and even better some of them.
Michael Smith (Veshengro), February 2009
<>