Critical Vulnerability in Adobe Reader and Acrobat
Adobe has issued a security advisory warning about a “critical vulnerability” in all fully patched versions of Adobe Reader 9 and earlier, and in Adobe Acrobat 9 and earlier. Although the security advisory makes no specific mention of the Mac, previous vulnerabilities have been cross-platform, so there’s no reason to believe this one will be any different. Adobe expects to issue an update for the latest versions of Adobe Reader and Acrobat by 11-Mar-09.
Details of the vulnerability? A malicious PDF could cause the affected application to crash and could potentially allow an attacker to take control of the computer. I know that’s what we always say, but in this case, there are reports of this vulnerability being exploited in the wild, at least in the Windows world.