Until now, PDF files were considered safe, posing no risks to users. For that reason and its transmission quality, PDF has become an industry standard for Internet documents.
But a vulnerability, discovered by Shadow Penguin Security, could allow malicious code to be included within a PDF file due to a buffer overflow error. So far, no customers have reported any problems. If the vulnerability is exploited, it could cause Acrobat to crash and run arbitrary code.
The fix, Update 2, works with Acrobat 4.05 and includes all bug fixes in Update 1. The machine must be operating on Acrobat 4.05. Before installing Update 2, previous versions must be upgraded. The update does not address Macintosh and Unix versions of Acrobat, since the potential security hole isn't found on those platforms.
Another word of caution: Hackers are distributing fraudulent Adobe security patches via e-mail. The company says the fix is only available at its Web site.