Last week, Adobe Systems acknowledged a vulnerability in versions of Adobe Reader written for UNIX platforms. The flaw, first reported by security firm iDefense, is a buffer overflow that can be exploited to execute arbitrary code with the privileges of the local user. Remote exploitation is made possible by PDF’s portability: opening or downloading a document via a web link or from email could leave systems open to attack if they are running the affected software.
According to Adobe’s Support Knowledgebase, the problem is limited to Adobe Reader 5.0.9 and 5.0.10 for Linux, Solaris, HP-UX and IBM-AIX, and can be fixed by simply updating to the latest versions — Reader 7 for Linux and Solaris users, and Reader 5.0.11 for HP-UX and IBM-AIX users.
The latest versions of Adobe Reader can be downloaded from the Adobe web site.