About three weeks ago, word of an Adobe security flaw began to do the rounds. It has taken Adobe three weeks to finally get around to announcing the problem. The vulnerability allows a hacker to take control of a Windows XP system if it has IE7 installed. Considering the amount of people that run IE7, it is probably quite a lot of systems.
The vulnerability exists in Adobe Reader 8.1 (and previous versions) Acrobat Standard, Professional and Elements 8.1 (and previous versions) and Acrobat 3D. It is the reader vulnerability that makes this a particularly serious threat as the number of people using Acrobat is somewhat limited. What machine doesn’t have a copy of Adobe Reader installed? It is free and PDF is the format of choice for a lot of written material online.
Adobe has released a temporary solution. It involves making modifications to the Windows Registry, which tends to frighten away all but the power users. The good news is that a real fix is on the way and should be here before the end of October. Expect to see more of this type of vulnerability appearing in other programs and be careful where you click.
