Adobe fixes Reader flaws
... but won't say what they are.
By Jeremy Kirk, IDG News Service | Published: 16:16, 06 February 2008
Adobe has fixed a vulnerability in its widely-used Reader document viewing program. Users are being urged to upgrade to version 8.1.2 on the Adobe website.
The company has not given out details of the vulnerabilities. That could indicate that the probles are fairly serious and could result in a compromised PC, said Thomas Kristensen, chief technical officer for Secunia, a security vendor in Denmark.
Secunia is performing a binary analysis of the old and new versions of Reader to figure out the vulnerabilities. However, that analysis takes one to three days, Kristensen said.
Kristensen said no proof-of-concept code has been seen yet and no attacks have been reported but added that PDFs could be a cause of concern. "PDFs are generally highly trusted," Kristensen said. "It's a common format for exchanging information."
Secunia estimates that more than 60 percent of home PC users have Reader. Corporate use of Reader is less, around 30 percent, since many companies use other business applications that can open PDFs, Kristensen said.
Hackers seized on PDFs last year after the disclosure of a protocol handling vulnerability involving Windows. The problem allowed them to create malicious PDF documents that would infect a PC with malicious software if opened.
Adobe officials could not be reached.
