- Nokia's new N97 vs. the iPhone
- Talk-powered cell phones?
- FBI: Copper thieves jeopardize U.S. infrastructure
- 10 Microsoft research projects
- Smartphone smackdown: Storm vs. iPhone
Adobe released on Wednesday an update that fixes vulnerabilities in its widely used Reader document viewing program.
Users are urged to upgrade to Version 8.1.2, available for download on Adobe's Web site.
Adobe has not given out details of the vulnerabilities, even though the company has a section on its Web site detailing security advisories for Reader.
That could indicate that the vulnerabilities are fairly serious and could result in a compromised PC, said Thomas Kristensen, CTOfor Secunia, a security vendor.
Secunia is performing a binary analysis of the old and new versions of Reader to figure out the vulnerabilities. However, that analysis takes one to three days, Kristensen said.
Kristensen said no proof-of-concept code has been seen yet and no attacks have been reported. But people should be especially cautious of PDFs, the common file type that Reader opens.
"PDFs are generally highly trusted," Kristensen said. "It's a common format for exchanging information."
Secunia estimates that more than 60% of home PC users have the Reader program, based on data from one of its software products that checks to see if programs have up-to-date patches. Corporate use of Reader is less, around 30%, because many companies use other business applications that can open PDFs, Kristensen said.
Hackers seized on PDFs last year after the disclosure of a protocol handling vulnerability involving Windows. The problem allowed them to create malicious PDF documents that would infect a PC with malicious software if opened.
Adobe officials could not be reached.
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment