PDFs are indeed ‘under attack’: today Adobe noted a new security vulnerability, and researchers also discovered that the Foxit PDF Viewer is open to attack.
First up is Adobe’s latest announcement, posted today, regarding what it terms ‘a critical vulnerability’ identified in Adobe Reader 9 and Acrobat 9 as well as earlier versions. In the bulletin, Adobe said the vulnerability will cause the aforementioned applications to crash and could ‘potentially allow an attacker to take control of the affected systems.’ Adobe also acknowledged that there are reports the vulnerability is already being exploited.
Adobe’s recommendation is that users of Adobe Reader and Acrobat 9 update to Adobe Reader 9.1 and Acrobat 9.1. Adobe is planning to make available updates for Adobe Reader 7 and 8, and Acrobat 7 and 8 by March 18th.
Unix users will have to wait till March 25th for Adobe’s upgraded release of Acrobat Reader 9.1.
For Adobe Reader 7 and 8 and Acrobat 7 and 8 users who will not be able to update to Adobe 9.1, Adobe encourages them to stay aware of the latest patches and vulnerabilities by registering with the Adobe Product Security Incident Response Team blog.
In other PDF vulnerability news, Foxit PDF Viewer has also been cited as being open to attack, but the folks at Foxit have provided a free patch for the vulnerabilities cited by researchers at security firm Secunia as well as Core Security Technologies.