Adobe has released a fix for the flaw I wrote about a few weeks ago.
The patch fixes a bug that exposed Windows XP users to attackers sending PDF files containing viruses and maleware. If you search across the net, you will find that numerous exploits are running in the wild.
Here is the short version from Adobe on the issue:
Critical vulnerabilities have been identified in Adobe Reader and Acrobat that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system…….it is recommended that affected users update to Adobe Reader 8.1.1 or Acrobat 8.1.1. Adobe will be providing an update to Adobe Reader 7.0.9 and Acrobat 7.0.9 at a later date. Adobe Reader 6.X and Acrobat 6.X are not vulnerable to this issue.
So you see, you need to upgrade to 8, if you have version 7…since they don’t have an update yet and they probably never will.
I feel that Adobe is getting very complacent. This is not the first vulnerability like this…it is one of many. It seems like every 6 months there is a new one. At this time I see having Acrobat reader on my network a serious security issue, and I no longer allow it.
I suggest using alternatives, such as:
1. FoxIt Reader – Lots of features
2. Sumatra Reader – Very small exe…and very fast
If you must use Adobe Acrobat reader, I would update to 8.1.1 as soon as possible.