Adobe has issued a patch for a flaw in its Reader and Acrobat PDF software, weeks after the serious, already-exploited vulnerability was discovered but the fix is just for the latest versions.
The flaw crashes systems, letting hackers take control. Adobe has admitted that the flaw has already been used by hackers. Sourcefire researcher Lurene Grenier released her own fix just days after the vulnerability was discovered in mid-February.
Adobe yesterday posted updates for Adobe Reader 9.1 and Acrobat 9.1, fixing the flaw as well as a more serious "no-click" version of the vulnerability.
Anyone using older versions of both Reader and Acrobat will have to either upgrade to 9.1 or wait until 18 March, Adobe said. Unix users of Adobe Reader 9.1 will have to wait until 25 March for a fix.
As before, Adobe told such users to look to anti-virus for protection in the meantime. Click here to download the Adobe update.
-
Cleo attack victim list grows as Hertz confirms customer data stolenNews Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
-
Lateral moves in tech: Why leaders should support employee mobilityIn-depth Encouraging staff to switch roles can have long-term benefits for skills in the tech sector
-
Vulnerability management complexity is leaving enterprises at serious riskNews Fragmented data and siloed processes mean remediation is taking too long
-
Hackers are stepping up ‘qishing’ attacks by hiding malicious QR codes in PDF email attachmentsNews Malicious QR codes hidden in email attachments may be missed by traditional email security scanners, with over 500,000 qishing attacks launched in the last three months.
-
Beat cyber criminals at their own gameWhitepaper A guide to winning the vulnerability race and protection your organization
-
Same cyberthreat, different storyWhitepaper How security, risk, and technology asset management teams collaborate to easily manage vulnerabilities
-
Warning issued over “incomplete” fix for Adobe ColdFusion vulnerabilityNews An incomplete fix for a vulnerability disclosure could be placing users at risk, researchers warned
-
Three steps to transforming security operationsWhitepaper How to be more agile, effective, collaborative, and scalable
-
Should your business start a bug bounty program?In-depth Big tech firms including Google, Apple and Microsoft offer bug bounty programs, but can they benefit smaller businesses too?
-
Accessing the XDR realmWhitepaper A guide for MSPs to unleash modern security
