Adobe finally patches zero-day exploit
11th Mar 2009 | 09:21
Acrobat and Reader 9.1 updated at last
Adobe has patched the zero-day exploit in its PDF readers, including Acrobat, that has given hackers an exploit for two months.
Adobe Reader 9.1 and Acrobat 9.1 have finally been patched to stop the JBIG2 security issue.
"Today, we posted the Adobe Reader 9.1 and Acrobat 9.1 update, which resolves the recent JBIG2 security issue (CVE-2009-0658), including the 'no-click' variant of the vulnerability," blogged Adobe's David Lenoe.
"We encourage all Adobe Reader users to download and install the free Adobe Reader 9.1."
The problem with the exploit has been exacerbated in recent links by the discovery that the user would not even have to click on a pdf file to put themselves at risk.
Adobe described the original exploit in a security alert saying: "A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions.
"This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited."
Via Computer World