Security Alert: Critical Patches to Adobe Reader & Acrobat

We'll make this a quick update: go patch your Adobe Reader / Adobe Acrobat. Now.

In fact, don't even bother reading the rest of this 'til you've updated.

Here's where to get the latest versions:


OK, so if you're still reading, you must've patched your Acrobat / Reader.

If not, you're in, "big, big trouble," as Mom would say.

The Register gives the scoop on the Adobe critical update, saying,

Version 9.4.6 of the programs fix two memory-corruption bugs that Adobe says are 'being actively exploited in limited, targeted attacks in the wild' against machines running Windows.

"The same bugs are present in Mac and Unix versions of the applications, but there are no reports of machines running them being exploited.

"The bugs are also present in Reader X for Windows, but a security sandbox, which Adobe added last year to minimize the damage that results from code flaws, prevents the attacks from working.

We haven't yet seen the exploit ourselves yet, so we don't know if the latest antivirus software updates protect against it, but (again thanks to The Register) we do know, ...researchers from antivirus provider Symantec [maker of Norton Antivirus]warned that email-born attacks exploiting the flaw to install the Backdoor.Sykipot were detected as early as November 1.

So, if Symantec has been aware of this for more than six weeks, chances are good their software--and that of the other top antivirus software makers--is already protecting against these exploits.

With that in mind anytime I hear that attacks are being exploited in the wild, it means two things: update the affected software and double check that my antivirus software is updated.