Adobe finally patches zero-day exploit

Acrobat and Reader 9.1 updated at last

Adobe has patched the zero-day exploit in its PDF readers, including Acrobat, that has given hackers an exploit for two months.

Adobe Reader 9.1 and Acrobat 9.1 have finally been patched to stop the JBIG2 security issue.

"Today, we posted the Adobe Reader 9.1 and Acrobat 9.1 update, which resolves the recent JBIG2 security issue (CVE-2009-0658), including the 'no-click' variant of the vulnerability," blogged Adobe's David Lenoe.

"We encourage all Adobe Reader users to download and install the free Adobe Reader 9.1."

No-click

The problem with the exploit has been exacerbated in recent links by the discovery that the user would not even have to click on a pdf file to put themselves at risk.

Adobe described the original exploit in a security alert saying: "A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions.

"This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited."

Via Computer World

ABOUT THE AUTHOR

Global Editor-in-Chief

Patrick (Twitter) is Global Editor-in-Chief for techradar, and has been with the site since its launch in 2008. He is a longstanding judge of the T3 Awards, been quoted or seen on everything from the The Sun to Sky News and is on the #CoolBrands Council. He started his career in football, making him one of approximately one journalists to have covered both a World Cup final and an iPhone launch.