Adobe fixes 28 holes in Reader and Acrobat

Adobe on Tuesday released a security bulletin that includes fixes for 28 vulnerabilities in Adobe Reader and Acrobat, including a critical hole that has reportedly been exploited in the wild in limited attacks.

Affected software includes version 9.1.3 of Reader and Acrobat; Acrobat 8.1.6 for Windows, Macintosh, and Unix; and version 7.1.3 of Reader and Acrobat for Windows and Macintosh. The vulnerabilities could cause the applications to crash and could allow an attacker to take control of a user's computer.

Adobe recommends that people update to Adobe Reader 9.2 and Acrobat 9.2, or Acrobat 8.1.7 or Acrobat 7.1.4. For Adobe Reader users who cannot update to Adobe Reader 9.2, Adobe has provided the Adobe Reader 8.1.7 and Adobe Reader 7.1.4 updates.

One of the updates addresses a hole that Trend Micro says has been exploited by a Trojan horse that arrives as a PDF file containing malicious JavaScript. That exploit affects Microsoft Windows 98, ME, NT, 2000, XP, and Server 2003, according to Trend Micro.

"All users of Adobe Reader or Acrobat will need to update their software with today's release because these updates include fixes for the most critical kind of bugs," said Andrew Storms, director of security operations at nCircle.

This is Adobe's second quarterly security update for Adobe Reader and Acrobat.

Also on Tuesday, Microsoft issued a security advisory with a record number of bulletins, including the first fixes for critical holes in Windows 7.

[baconstang]

Not until the 4th paragraph is it mentioned that the exploits affect only Windows. Couldn't CNET move the part about what systems are affected to the first paragraph. You still get the page hits, but users of other systems wouldn't have to waste their time reading through the article.

[Perry_Clease]

To be fair I have read on several websites that there was potential for the exploit on other OSs. How much potential i don't know, I am an artist not a programmer. I am running Snow Leopard and my Adobe Updater is currently downloading updates to Acrobat and Reader 9.

[baconstang]

I was wrong, and just finished installing the update on my MacBook. <br />On many articles about exploits, my point still stands. Usually you have to click on the article and read well into it before it mentions that it only affects Windows.

[db32--2008]

I'm not trying to be rude, but how valuable is 15 seconds of your time? You probably spent longer typing out your responses.

[baconstang]

My bad, missed the mention in the second paragraph. Sorry, I've got a horrible cold.

[Perry_Clease]

My wife is just getting over one, a cold and not the flu.<br /><br />Take care.

[db32--2008]

I'm not trying to be rude, but how valuable is 15 seconds of your time? You probably spent longer typing out your responses.

[rashinal]

baconstang's comment may have been misplaced with regards to this particular article, but I agree.. a "news" article should convey the most important facts first.. right up front.. and this is often not the case in articles of this nature. What is most important about attacks, exploits, vulnerabilities, is what platforms and versions are affected. Then I know if I need to read on...

[deniceels]

I think being in the 3rd line of the article, abeit 2nd paragraph, is front enough to be upfront. Infact, after they introduced what was done, it went on to mention the platforms that are updated before going into details is there to read subsequently.