More threads by David Baxter PhD

David Baxter PhD

Late Founder
'Critical' flaw exposes Adobe Acrobat, Reader
Oct 10, 2007

PCs vulnerable to hacks; patch might not be available until late October

BOSTON - Adobe Systems, whose software is used by millions of people to read documents sent over the Internet, said some of its programs contain a flaw that makes personal computers vulnerable to attack.

In an Oct. 5 posting on its Web site, Adobe said the "critical" flaw is incorporated into versions of Adobe Reader and Acrobat software, and could allow malicious programs to get on to a PC without the user knowing about it.

Such programs can take control of a machine and steal confidential data, send out tens of thousands of spam e-mails or infiltrate government computer systems.

Adobe said it is working on software that will rectify the problem but that it might not be available until the end of October. That may not be fast enough to stop determined hackers, some experts say.

"Users should pressure Adobe to release a patch sooner than that," said Gadi Evron, a security expert at Beyond Security. He has organized three closed-door international conferences on efforts by governments and private companies to fight computer attacks.

Adobe's software has rarely had flaws that have made it the target of hackers, so its users tend to let their guard down when opening potentially dangerous documents, Evron said.

Recent examples of software flaws have corrupted eBay's Skype Internet telephone service and Time Warner's AOL instant messaging software. Hackers sometimes hide malicious software inside Microsoft Word documents and photo files, hobbling computers when users open them.

Officials with Adobe weren't immediately available for comment.

The flaw was brought to Adobe's attention by a report on the Internet, the company said on its Web site.

Until the problem is fixed, Adobe has posted instructions for how to work around the problem on its Web site. It involves changing settings in a database that controls the way Microsoft Windows operates.

Adobe said that PC users unable to program that database may need to wait until the software itself is fixed. The company said it will notify users of the fix on its Web site.

"In the meantime, Adobe recommends that Acrobat and Reader customers use caution when receiving unsolicited e-mail communications requesting user action, such as opening attachments or clicking Web links," the posting said.
Replying is not possible. This forum is only available as an archive.