Security & Privacy + Software & Apps

Adobe has released a security update for Acrobat Reader and Acrobat Professional, for all platforms, versions 8.0 through 8.1.2 and versions 7.09 and earlier. As the Adobe security advisory says, “A critical vulnerability has been identified in Adobe Reader and Acrobat 8.1.2. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system.”

But this is yet another Javascript vulnerability in Acrobat, and security researchers are questioning why this happens so often. Andrew Storms, director of security operations at nCircle Network Security, quoted on Computerworld , said, “With this many JavaScript bugs in Acrobat, one begins to ask questions. Why would a full, thick application like Acrobat need to be using JavaScript, especially when JavaScript in the browser has historically been a target for hackers? And since JavaScript has been a target for so many years, why hasn’t Adobe flushed out these vulnerabilities already?”

It’s true that Acrobat is regularly updated for security reasons; perhaps more so than it should be. But with PDFs offering more advanced features (such as links to websites), it’s probably no surprise that vulnerabilities are being turned up.

Mac users certainly don’t need to use Acrobat, since Preview, the tool included with Mac OS X, performs most of the actions that one needs when viewing PDFs. However, Acrobat Pro is needed for advanced PDF creation. While Mac OS X can create PDFs from any document, there are few options available to refine and slim these files.

So if you use Acrobat, make sure to download this latest update. With the ease at which people download and open PDF files from the web, this is one program that you want to be sure of.