Adobe Acrobat and Reader Repaired

Whether you're aware of it or not, Adobe's Acrobat and Reader programs recently exposed Windows XP users to nasty malware exploits. Thankfully, Adobe Systems Inc. has now announced that a patch has been made available.

The new fix is included in vital updates to Reader, the company's free PDF utility, and Acrobat, its fleshed-out, full-featured program. Patches to both are unceremoniously named Version 8.1.1.

So, who is at risk?

The central flaw exposes Windows XP users to exploits taking the form of malicious PDF files. More specifically, the code attempts to disable the Windows Firewall before downloading a Trojan remotely. (Source: zdnet.com)

An Adobe bulletin on the subject stated the following:

"Critical vulnerabilities have been identified in Adobe Reader and Acrobat that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system...A malicious file must be loaded in Adobe Reader or Acrobat by the end user for an attacker to exploit these vulnerabilities." (Source: pcworld.com)

Adobe has tried to downplay the threat by stating that the only users who must use caution are those running Windows XP with Internet Explorer 7 installed. Unfortunately, this presents an enormous group of people, given the maintained popularity of both the operating system and the browser.

So, how long has the threat existed?

Although kept quiet, the bug first showed about two weeks ago when Adobe admitted the exploit existed. Even before that, however, U.K. researcher Petko Petkov remarked that attackers could cause some serious damage if they could only convince users to open malicious PDF documents. It's unclear whether Microsoft or Adobe took his warnings seriously.

For their part, Microsoft has admitted that XP and Windows Server 2003 struggle to handle Uniform Resource Identifiers, but have pledged to make a fix. It has yet to materialize.