After weeks of swinging and missing on proper response to a gaping security hole in its ever-present PDF Reader software, Adobe has finally shipped a patch but only for some affected users.
On the same day Microsoft issued its scheduled batch of patches, Adobe dropped a security bulletin warning of a "critical" vulnerability in Adobe Reader 9 and Acrobat 9 and earlier versions. However, if you are a user of one of those "earlier versions," you'll have to wait at least for another week.
The Adobe bulletin explains the severity:
- This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited.
Only Adobe Reader 9 and Acrobat 9 is patched.
- Adobe is planning to make available updates for Adobe Reader 7 and 8, and Acrobat 7 and 8, by March 18. In addition, Adobe plans to make available Adobe Reader 9.1 for Unix by March 25.