Adobe fixes critical flaws in Reader, Acrobat

In its first official monthly bulletin of security patches, Adobe has remedied 13 vulnerabilities that could have allowed an intruder to take over a computer.
Written by Nick Booth, Contributor

Adobe has released patches for 13 holes in its popular Reader and Acrobat software products, some of them critical.

In a security advisory issued on Tuesday, the software maker fixed vulnerabilities in Adobe Reader 9.1.1, Acrobat 9.1.1 and earlier versions. The advisory marks the first of what Adobe promises will be a quarterly release of retrospective fixes, which coincides with Microsoft's Patch Tuesday.

In its bulletin, Adobe said: "These vulnerabilities would cause the application to crash and could potentially allow an attacker to take control of the affected system."

Windows and Mac users of affected Adobe Reader and Acrobat software are being urged to move to other editions. People using version 9 are instructed to move to version 9.1.2, while users of version 8 should move to 8.1.6, and those using version 7 should move to 7.1.3. Unix patches are to follow on 16 June, Adobe said.

The patches are needed because PDFs and Acrobat documents have become the conduit for rogue software that turns a user's PC into part of a botnet, warned Matt Watchinski, director of vulnerability research at security vendor Sourcefire, who alerted Adobe to the problem.

Adobe has become a target for hackers, Watchinski suggested. "The sharks can smell blood in the water," he said.

Though absolving Adobe of blame for becoming the target of hackers, he said the company's procedures for fixing faults could be tightened up. "I really hope Adobe steps up," he said.

Alex Essier, a security engineer at vendor Qualys, called on Adobe to be more proactive and communicative. "They need to show more regular patches to show they care," he said. Adobe was unable to respond to these comments at the time of publication.

Meanwhile, one analyst said the problem of patches exposes a more fundamental weakness in today's computers. "Surely we should now be at a stage where we don't have to constantly update and reboot our computers every few hours," said Rob Bamforth, principal analyst at Quocirca. "It's getting very counterproductive constantly having to restart our machines."
