Adobe Updates Reader to Mend Unspecified Security Problems
Adobe issued on February 6, 2008 a security update that mends flaws in its popular Reader document viewing software. The company has urged users to upgrade to the latest version 8.1.2 that could be downloaded from Adobe's Website.
Aside repairing various stability and performance issues, Adobe Reader 8.1.2 also plugs several mystery security holes.
Although Adobe's Website provides a section detailing Reader's security advisories, the company has not declared the details of its security flaws in Reader.
This absence of information has indeed surprised certain security researchers. For, it hints that the flaws are possibly quite serious and might lead to compromise of personal computers, said Chief Technical Officer Thomas Kristensen at Secunia, a Denmark-based security vendor. Info World published Kristensen's statement in news on February 6, 2008.
Kristensen added that he was surprised not to find further details about the update, which is fairly unlike of Adobe. He said that Adobe's previous security-related releases provided information about the corresponding security problems whereas the latest update lacked such information.
Thomas Kristensen further said that PDF (Portable Document Format), which is a common platform for communicating information, is generally very trusted.
According to statistics from the Personal Software Inspector tool of Secunia, 61% of all users of Reader need to install the new security patch. The Denmark-based Security Notification Company notes about the update that it is not usual for Adobe and the broader software industry as it skips information on the security problems it addresses.
In a statement that PC World published in its report on February 6 2008, Thomas Kristensen said that Secunia was simultaneously analyzing the earlier and later editions of Reader to determine the security flaws. The company, however, hasn't yet found a proof of concept code and there hasn't been any report of attack. But it advises people to exercise caution with PDF, the normal file type opening in Reader.
Hackers, last year (2007), took advantage of PDFs vulnerability in protocol handling that was discovered in Windows. The issue let them construct malicious PDF documents that infected a computer with malware if opened.
Related article: Adobe Rates Acrobat Vulnerabilities “Critical”
» SPAMfighter News - 15-02-2008