IT Security Blog

27 April 2009

Another Day, Another Adobe PDF Vulnerability


The folks over at SecurityFocus have published yet another Adobe PDF Reader related vulnerability. No exploits taking advantage of this flaw have been seen in the wild at this time, but unless Adobe patches it quickly, they will likely come in short order due to the prevalence of Acrobat Reader and the success of previous exploits.

This is in no way an endorsement of this product, but if you are looking for an alternative to Adobe's PDF reader, consider looking into Foxit Reader by Foxit Software. As with any software, it has its own vulnerabilities that have been patched, but since it isn't as widely used, it has not been as highly targeted as Adobe's products. There are other alternatives available as well. Consider looking into them if you frequently find yourself opening PDFs as part of your daily professional or personal responsibilities.
Posted by smasiello at 4:54 PM
20 February 2009

New Adobe Acrobat (and Reader) 0-day Announced by Adobe


Adobe has released a security bulletin warning users of a new vulnerability found in both their Acrobat and Acrobat Reader products, for which an exploit is currently available in the wild.

According to a post by the folks over at shadowserver.org, the exploit requires JavaScript to work, so in the meantime it is recommended that you disable JavaScript in Adobe Acrobat and Adobe Reader in order to mitigate this vulnerability.

Adobe is aware of the problem and is said to be releasing an update to fix versions 9.x on March 11, 2009, with an update for 8.x versions shortly afterward, followed later by 7.x updates.

If you wish to sign up for security alerts from Adobe on their products, so that you are alerted when new security advisories are posted, you can do so here.

In an article posted today by SC Magazine, Andre DiMino, founder and director of shadowserver.org, warned that he expects exploitation of this vulnerability to be widespread based on users' frequent willingness to trust and open PDFs. I would agree.
Posted by smasiello at 2:30 PM