Adobe has issued a patch for a flaw in its Reader and Acrobat PDF software, weeks after the serious, already-exploited vulnerability was discovered but the fix is just for the latest versions.
The flaw crashes systems, letting hackers take control. Adobe has admitted that the flaw has already been used by hackers. Sourcefire researcher Lurene Grenier released her own fix just days after the vulnerability was discovered in mid-February.
Adobe yesterday posted updates for Adobe Reader 9.1 and Acrobat 9.1, fixing the flaw as well as a more serious "no-click" version of the vulnerability.
Anyone using older versions of both Reader and Acrobat will have to either upgrade to 9.1 or wait until 18 March, Adobe said. Unix users of Adobe Reader 9.1 will have to wait until 25 March for a fix.
As before, Adobe told such users to look to anti-virus for protection in the meantime. Click here to download the Adobe update.
-
The global server market is boomingNews Surging infrastructure investment and demand for embedded GPU hardware are fueling huge growth
-
HackerOne eyes enterprise growth with double C-suite appointmentNews Seasoned industry executives Stephanie Furfaro and Stacy Leidwinger have joined the cyber security vendor’s executive team
-
IBM AIX users urged to patch immediately as researchers sound alarm on critical flawsNews Network administrators should patch the four IBM AIX flaws as soon as possible
-
Vulnerability management complexity is leaving enterprises at serious riskNews Fragmented data and siloed processes mean remediation is taking too long
-
Hackers are stepping up ‘qishing’ attacks by hiding malicious QR codes in PDF email attachmentsNews Malicious QR codes hidden in email attachments may be missed by traditional email security scanners, with over 500,000 qishing attacks launched in the last three months.
-
Beat cyber criminals at their own gameWhitepaper A guide to winning the vulnerability race and protection your organization
-
Same cyberthreat, different storyWhitepaper How security, risk, and technology asset management teams collaborate to easily manage vulnerabilities
-
Warning issued over “incomplete” fix for Adobe ColdFusion vulnerabilityNews An incomplete fix for a vulnerability disclosure could be placing users at risk, researchers warned
-
Three steps to transforming security operationsWhitepaper How to be more agile, effective, collaborative, and scalable
-
Should your business start a bug bounty program?In-depth Big tech firms including Google, Apple and Microsoft offer bug bounty programs, but can they benefit smaller businesses too?
