If you've been prompted to install an Adobe Reader update in the last couple of days, I'd go ahead: it's to fix a rather nasty security bug.
A vulnerability report was made public
yesterday concerning Adobe's popular Reader product – specifically, the implementation of Javascript with Acrobat-created documents. The issue is present in all versions of Adobe Reader prior to 8.1.2 Security Update 1 as well as the commercial Acrobat packages used to create PDF files. The bug, discovered by the Information Security team at John Hopkins University's Applied Physics Laboratory, can result in a program crash with the potential to execute arbitrary code. It's a bad one, in other words.
Thankfully, the APL team followed reasonable reporting practices and reported the issue to Adobe; with forewarning about the issue before it becomes common knowledge the company was able to work on a
advisory of their own, as well as the all-important patch to render the bug harmless.
Coming less than a month after a similar scripting language flaw was revealed in the
Flash Player also produced by Adobe, it's clear that the company is going to have to do a bit of work on its image in the computer security world.
If you don't want to wait for your copy of Adobe Reader to prompt you, links to download updates for all affected versions are available on the
Adobe website.
Do you disable Javascript in your office applications by default, or is this something that could have caught you unawares? Share your thoughts over in
the forums.
Want to comment? Please log in.