Adobe finally patches PDF flaw

Adobe has issued a patch for a flaw in its Reader and Acrobat PDF software, weeks after the serious, already-exploited vulnerability was discovered but the fix is just for the latest versions.

The flaw crashes systems, letting hackers take control. Adobe has admitted that the flaw has already been used by hackers. Sourcefire researcher Lurene Grenier released her own fix just days after the vulnerability was discovered in mid-February.

Adobe yesterday posted updates for Adobe Reader 9.1 and Acrobat 9.1, fixing the flaw as well as a more serious "no-click" version of the vulnerability.

Anyone using older versions of both Reader and Acrobat will have to either upgrade to 9.1 or wait until 18 March, Adobe said. Unix users of Adobe Reader 9.1 will have to wait until 25 March for a fix.

As before, Adobe told such users to look to anti-virus for protection in the meantime. Click here to download the Adobe update.