Bug in Adobe Reader Could Endanger Your PC
We’re not just talking about your mom’s e-books. Adobe says hackers have used this flaw in targeted attacks against at least one U.S. defense contractor.
Some sharp computer nerds at Lockheed Martin and the Defense Security Information Exchange, a defense-industry alliance created to quickly respond to cyber-threats, spotted the vulnerability and alerted Adobe. Adobe says the flaw is being actively exploited, though only on Windows.
This vulnerability highlights one of the problems that PDFs face. They’re simple, adaptable and almost universally accessible. That wide-ranging usability makes them the perfect Trojan horse for hackers. After all, everyone on almost every platform has a PDF reader, so evildoers sometimes hide malicious code in PDF files that users can easily open without realizing it.
Reader software has built-in security to guard against malware, but sometimes this security has holes.
The flaw exists in both current and past versions of Adobe Reader, but it’s the earlier versions that are most vulnerable. Adobe Reader X (10.1.1) has the flaw on both Windows and Mac platforms, but it won’t be a problem if you open documents in protected mode (the default). Earlier versions of Reader (both Windows and Mac) have the vulnerability, and it’s being exploited in 9.x software for Windows. Adobe says it’ll have a fix for those no later than Dec. 12, 2011. Fixes for Unix versions and the unprotected mode of Adobe Reader X will come by January 12, 2012.
Of course, the easiest way to protect yourself is to simply download and install Adobe Reader X right now, and leave those defaults alone. You have been warned.