PC World: Technology Advice You Can Trust
Today at PC World
News, opinion, and links from the PC World staff.
Tuesday, October 23, 2007 4:50 PM PT Posted by Stuart Johnston

Get Fixes for Adobe's Holes

As promised, Adobe has released an update to Acrobat and Reader that patches serious security bugs in the way the software handles Portable Document Format (PDF) files. Adobe acknowledged the problem in early October, after security researcher Petko Petkov first revealed the existence of the hole (or holes) in late September.

At that time, however, all the company could offer was a complicated workaround and a promise that it was working on a patched version to plug what Adobe now says are actually multiple holes.

Luckily, Petkov did the responsible thing and did not release his proof-of-concept exploit. Neither did he explain precisely what the problems are, other than to say that a malicious PDF file could result in your PC being taken over "Completely!!! Invisibly and unwillingly!!!"

Now, however, Adobe is shipping the patched release, which is numbered version 8.1.1. Earlier versions, including the most recent prior release, 8.1, are vulnerable. (The company plans to release an update to Adobe Reader 7.0.9 and Acrobat 7.0.9 at a later date for those who can't upgrade to version 8.)

According to Adobe's original security advisory, if you're running Windows Vista, you have nothing to worry about from this bug. It only leaves you exposed if, like most of us, you're still running Windows XP with Internet Explorer 7.

Adobe's new advisory, which includes a link to the patched version, also demonstrates what a small world it is. The problems, it says, are related to Microsoft's "URI handler" problems with IE7 that we've been talking about since July.

In fact, you may recall that, less than two weeks ago, Microsoft finally acknowledged it has some culpability in that whole URI handler mess. It issued a security advisory and said it is in the testing phase of a patch for its part of the problem.

While we're waiting for Microsoft to catch up, you might as well update Adobe Acrobat/Reader. You never know when some cracker will figure out how to exploit those holes, and you don't want to be caught flat-footed. Besides, we don't know for certain that just patching Microsoft's end of things will block all exploits. Better to be safe.

Get more information and a link to the patch at Adobe's security bulletin.
