A new critical vulnerability has been discovered in Adobe Acrobat and Reader 9 (and earlier versions, too), which could allow attackers to cause a vulnerable application to crash or execute arbitrary code by tricking a user into opening a specially crafted PDF file.
According to Adobe's advisory a fix is scheduled for March 11th, 2009. If you don't want to wait that long, I suggest you go for one of the many (free) alternatives (like Foxit Reader or SumatraPDF) which are not affected.
Quote:
Adobe is planning to release updates to Adobe Reader and Acrobat to resolve the relevant security issue. Adobe expects to make available an update for Adobe Reader 9 and Acrobat 9 by March 11th, 2009. Updates for Adobe Reader 8 and Acrobat 8 will follow soon after, with Adobe Reader 7 and Acrobat 7 updates to follow. In the meantime, Adobe is in contact with anti-virus vendors, including McAfee and Symantec, on this issue in order to ensure the security of our mutual customers. A security bulletin will be published on http://www.adobe.com/support/security as soon as product updates are available.
|
Link:
Adobe advisory