Secunia – Adobe Offers Vulnerable Edition of Reader to Computer Users
Secunia, a Danish vulnerability tracking vendor, has said that Adobe gives access to an outdated edition of Reader to people who installed the famous application from its website.
The edition currently offered by Adobe for installation has around fourteen security vulnerabilities which have been fixed by Adobe over the past two months (May-June).
If a user looking to download Reader on his computer clicks on the PDF file at its website, the user's computer will be at risk as this edition has a number of vulnerabilities.
Secunia noticed the problem when some people used its Personal Software Inspector (PSI) utility, an application that helps in the identification of unpatched applications on Windows PCs, started complaining of finding vulnerable software. Although the users installed PDF viewer recently, the PSI utility warned of using a flawed version.
Mikkel Winther, Manager, PSI Partner Program, said that following the discovery of vulnerable Reader by PSI though it was the latest edition, there was some confusion about Adobe Reader among users, as reported by COMPUTERWORLD on July 20, 2009.
Hence, Adobe has been working on improving the security of Reader after it found a series of vulnerabilities in its most popular software. The company hasn't started to offer secure version of Reader on its website. While the company had made commitment of carefully scrutinizing its bugs earlier this year, Adobe is giving insecure version of Reader on its website.
Winther further said - the version presently hosted on the website of Adobe is Reader 9.1, a version that was issued on March 10 after fixing several holes which include one that had been consistently misused by hackers since January 9, 2009.
Since then, Adobe has released two security updates. The first had issued on May 12 to patch "zero-day" bug in Reader, whereas the second was released on June 9 to fix atleast 13 critical vulnerabilities reported by some outside researchers. The patches also included solutions for vulnerabilities discovered by Adobe's own security team.
Meanwhile, Secunia has asked computer users who have recently installed Reader to manually update the application by clicking on "Checks for Updates" from the "Help" menu.
Related article: Sixem Worm Striking World Cup
» SPAMfighter News - 07-08-2009