Adobe has issued a patch for a flaw in its Reader and Acrobat PDF software, weeks after the serious, already-exploited vulnerability was discovered but the fix is just for the latest versions.
The flaw crashes systems, letting hackers take control. Adobe has admitted that the flaw has already been used by hackers. Sourcefire researcher Lurene Grenier released her own fix just days after the vulnerability was discovered in mid-February.
Adobe yesterday posted updates for Adobe Reader 9.1 and Acrobat 9.1, fixing the flaw as well as a more serious "no-click" version of the vulnerability.
Anyone using older versions of both Reader and Acrobat will have to either upgrade to 9.1 or wait until 18 March, Adobe said. Unix users of Adobe Reader 9.1 will have to wait until 25 March for a fix.
As before, Adobe told such users to look to anti-virus for protection in the meantime. Click here to download the Adobe update.
-
Building enduring channel partnerships in a multi-generational IT environmentIndustry Insights Partners are evolving from sellers to strategic advisors, prioritizing customer outcomes
-
What can AI do to empower those working in the legal sector today, tomorrow, and beyond?Supported AI is transforming the legal profession — from streamlining today’s workflows to shaping tomorrow’s strategies. For firms, the choice is clear: embrace trusted AI tools now or risk falling behind in a rapidly evolving landscape
-
Vulnerability management complexity is leaving enterprises at serious riskNews Fragmented data and siloed processes mean remediation is taking too long
-
Hackers are stepping up ‘qishing’ attacks by hiding malicious QR codes in PDF email attachmentsNews Malicious QR codes hidden in email attachments may be missed by traditional email security scanners, with over 500,000 qishing attacks launched in the last three months.
-
Beat cyber criminals at their own gameWhitepaper A guide to winning the vulnerability race and protection your organization
-
Same cyberthreat, different storyWhitepaper How security, risk, and technology asset management teams collaborate to easily manage vulnerabilities
-
Warning issued over “incomplete” fix for Adobe ColdFusion vulnerabilityNews An incomplete fix for a vulnerability disclosure could be placing users at risk, researchers warned
-
Three steps to transforming security operationsWhitepaper How to be more agile, effective, collaborative, and scalable
-
Should your business start a bug bounty program?In-depth Big tech firms including Google, Apple and Microsoft offer bug bounty programs, but can they benefit smaller businesses too?
-
Accessing the XDR realmWhitepaper A guide for MSPs to unleash modern security
