Posted 20 February 2009 16:15pm by Patricio Robles with 4 comments

Adobe Acrobat Reader is as close to ubiquitous as it comes. Most new Windows-based computers come with it installed and many websites offer up documents in PDF format.

That makes Acrobat Reader a juicy target for hackers and a critical vulnerability has been discovered in Acrobat Reader versions 9 and earlier that could expose users to serious risk.

There are reports that exploits are already making the rounds and if these are accurate, which they appear to be, look out.

The vulnerability could be used to crash Acrobat Reader using what's called a 'buffer overflow', and these are one of the worst kinds because they often mean a hacker could take over a user's computer entirely. That's the case here.

Adobe says it will have a patch for Acrobat Reader 9 by March 11. Patches for earlier versions will follow.

Given how widely-used PDFs are, hopefully Adobe's cooperation with anti-virus vendors will prevent a nightmare scenario from unfolding. As InfoWorld notes, this will probably lead to an increase in malicious PDFs.

Functionality and ubiquity always have their price.

Patricio Robles is a tech reporter at Econsultancy. Follow him on Twitter.

Reader comments (4):

  1. Clerkendweller

    10:43PM on 20th February 2009

    Existing PDFs on your own websites are probably not an issue, but you need to check that anything new received from elsewhere is safe.  A temporary mitigation to protect yourself seems to be to disable JavaScript in Acrobat Reader and other Acrobat products.

    Let's not forget about keeping all software patched and up-to-date and checking our own websites for weaknesses while we are at it.

     

  2. Project Management Procedures

    11:24AM on 4th September 2009

    Can anyone confirm (or can anyone post a reference) that Acrobat version 6 is, or is not, affected by this exploit or has this vulnerability? Is there any example code available for vulnerability testing?

  3. commercial locksmiths Bronze

    locksmith at locksmith

    8:06AM on 7th January 2010

    I receive an error when I try to open an old version Acrobat file with newer versions.

  4. Halvar Gravråkmo

    7:12PM on 21st April 2011

    Haha, I installed Acrobat Reader 10 (automatically), but it turned out it's not compatible with my editor Texniccenter. I tried to fix it once but it didn't work so I uninstalled it and installed an older version of Acrobat, now it works perfectly.

    But I was not able to work for a couple of hours. Those automatic updates sure waste a lot of time with all the trouble they cause. It must be a very huge sum of wasted hours of people's lives.

    Also, there is no guarantee that Acrobat Reader 10 is safe, just because it has been discovered the old versions are not perfectly safe. (If you find two socks with holes in your drawer, it doesn't mean you are guaranteed that all the other socks are good.)

    Suggestion no. 1: If you don't need an upgrade, don't upgrade; it often costs you more trouble than it saves. That's my experience, and the recommendation of the professionals, except those professionals selling software. And turn off automatic updates for most software.
