John Paczkowski


Here’s a Patch for You, Adobe: \Acrobat\Uninstall.exe

There’s a critical vulnerability in Adobe’s Reader and Acrobat PDF software and at least one zero-day exploit for them in the wild already. Yet Adobe (ADBE) won’t have a fix in place until March 11, and then only for Adobe Reader 9 and Acrobat 9. Patches for earlier versions of the software will arrive sometime after that.

Two and a half weeks or longer to wait for a critical patch.

In the meantime, exploits for the flaw will no doubt grow in number and cunning–a nightmare since the PDF format and Adobe’s related apps are so widely used. “Right now we believe these files are only being used in a smaller set of targeted attacks,” security group Shadowserver said in an advisory on the matter. “However, these types of attacks are frequently the most damaging and it is only a matter of time before this exploit ends up in every exploit pack on the Internet.”

Shadowserver recommends disabling JavaScript in Acrobat and Reader to limit exposure to such attacks. There are, of course, other solutions as well–Foxit for Windows users, Preview for Mac users, and Xpdf for Linux users.