Adobe has issued a patch for a flaw in its Reader and Acrobat PDF software, weeks after the serious, already-exploited vulnerability was discovered but the fix is just for the latest versions.
The flaw crashes systems, letting hackers take control. Adobe has admitted that the flaw has already been used by hackers. Sourcefire researcher Lurene Grenier released her own fix just days after the vulnerability was discovered in mid-February.
Adobe yesterday posted updates for Adobe Reader 9.1 and Acrobat 9.1, fixing the flaw as well as a more serious "no-click" version of the vulnerability.
Anyone using older versions of both Reader and Acrobat will have to either upgrade to 9.1 or wait until 18 March, Adobe said. Unix users of Adobe Reader 9.1 will have to wait until 25 March for a fix.
As before, Adobe told such users to look to anti-virus for protection in the meantime. Click here to download the Adobe update.
-
RSAC Conference 2025: The front line of cyber innovationITPro Podcast Ransomware, quantum computing, and an unsurprising focus on AI were highlights of this year's event
-
Anthropic CEO Dario Amodei thinks we're burying our heads in the sand on AI job lossesNews With AI set to hit entry-level jobs especially, some industry execs say clear warning signs are being ignored
-
Vulnerability management complexity is leaving enterprises at serious riskNews Fragmented data and siloed processes mean remediation is taking too long
-
Hackers are stepping up ‘qishing’ attacks by hiding malicious QR codes in PDF email attachmentsNews Malicious QR codes hidden in email attachments may be missed by traditional email security scanners, with over 500,000 qishing attacks launched in the last three months.
-
Beat cyber criminals at their own gameWhitepaper A guide to winning the vulnerability race and protection your organization
-
Same cyberthreat, different storyWhitepaper How security, risk, and technology asset management teams collaborate to easily manage vulnerabilities
-
Warning issued over “incomplete” fix for Adobe ColdFusion vulnerabilityNews An incomplete fix for a vulnerability disclosure could be placing users at risk, researchers warned
-
Three steps to transforming security operationsWhitepaper How to be more agile, effective, collaborative, and scalable
-
Should your business start a bug bounty program?In-depth Big tech firms including Google, Apple and Microsoft offer bug bounty programs, but can they benefit smaller businesses too?
-
Accessing the XDR realmWhitepaper A guide for MSPs to unleash modern security
