Adobe Reader 9 critical security flaw

[GomJabbar]

Content edited.

Buffer overflow issue in versions 9.0 and earlier of Adobe Reader and Acrobat

A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited.

Adobe is planning to release updates to Adobe Reader and Acrobat to resolve the relevant security issue. Adobe expects to make available an update for Adobe Reader 9 and Acrobat 9 by March 11th, 2009.

Reports have been published that disabling JavaScript in Adobe Reader and Acrobat can protect users from this issue. Disabling JavaScript provides protection against currently known attacks. However, the vulnerability is not in the scripting engine and, therefore, disabling JavaScript does not eliminate all risk.

Affected software versions
Adobe Reader 9 and earlier versions
Adobe Acrobat Standard, Pro, and Pro Extended 9 and earlier versions

Severity rating
Adobe categorizes this as a critical issue and recommends that users update their virus definitions and exercise caution when opening files from untrusted sources.

http://www.adobe.com/support/security/a ... 09-01.html

[GomJabbar]

Adobe Reader 9.1 is now out which fixes the aforementioned security vulnerability.

Tip: you can get just Adobe Reader 9.1 without Adobe Air and Acrobat.com from the ftp site.
For Adobe Reader only, download the smaller AdbeRdr910_en_US.exe 26,113 KB file.
ftp://ftp.adobe.com/pub/adobe/reader/win/9.x/9.1/enu/

Otherwise you can download normally from here: http://get.adobe.com/reader/

[killer]

Adobe Acrobat Reader did an automatic update this morning to my program.

[Marin85]

I have just updated Acorbat Pro v9 to the new version on Win 7, and now I´m receiving an error with tha message that I have to repair the installation...

[RealBlackStuff]

Just dump that bloated Acrobat Reader and install the much smaller, free Foxit Reader instead:
http://www.foxitsoftware.com/pdf/reader/

[Marin85]

Just dump that bloated Acrobat Reader and install the much smaller, free Foxit Reader instead:
http://www.foxitsoftware.com/pdf/reader/

I would have done this if the "Pro" version of Foxit Reader was free...

[Puppy]

Just dump that bloated Acrobat Reader and install the much smaller, free Foxit Reader instead:

With similar security bugs: http://secunia.com/advisories/34036/

Adobe Reader is not bloated if you install it from the FTP site and remove the useless "speed launcher". Does the Foxit finally supports full featured PDF format specification (which is about 900 pages) or just some subset ?

[Puppy]

New security flaw has been found today ! Both latest Adobe Reader and Adobe Flash are affected:

Adobe Reader/Acrobat SWF Content Arbitrary Code Execution - http://secunia.com/advisories/35949/
Adobe Flash Player Arbitrary Code Execution Vulnerability - http://secunia.com/advisories/35948/

No patches yet. Disable Flash Player (in any browser)

[Marin85]

No patches yet. Disable Flash Player (in any browser)

I have it enabled only when watching videos on youtube. I have it disabled most of the time as I found out that it frequently causes FF3 hangs with very high cpu usage And btw thus I don´t have to watch all the moving ads on websites...

Cheers,

Marin