BleepingComputer.com: Adobe issues updates to Reader and Acrobat to address critical vulnerabilities

Adobe posted a security bulletin where they outline critical vulnerabilities in Adobe Reader and Acrobat that could allow a remote user or malicious program to gain control over your computer. To protect yourself, it is strongly advised that you download and install the latest version of Adobe Reader and Acrobat immediately. The current version is version 9.3 and can be downloaded at the link below.

Even if you do not use PDFs, having these programs installed on your computer while browsing the web puts your computer at risk. While browsing the web, a malware distributor or hacker could use use this vulnerability and allow hackers or malware to have full control over your PC. They do this by using Javascript exploits or Iframes to automatically open specially crafted malicious PDF files in the vulnerable Adobe Reader without your permission. Once the malicious PDF is loaded by Adobe Reader or Acrobat, it will execute the commands integrated into the PDF on your computer without your knowledge or permission. These commands could further download other malware onto your computer without your knowledge that open backdoors or steal your information.

Therefore please update Adobe Reader and Acrobat now!

Just curious, if you have FoxIt Reader installed as your default PDF reader, are you still vulnerable to the javascript exploits?

The exploits are not necessarily in javascript, but how the pdf is loaded.

I get this on that page for Adobe 9.3 link:-

Internet Explorer has stopped trying to restore this website. It appears that the website continues to have a problem.

Is there any other way to update my Adobe 8?

Ta!

Eddie

You can try opening reader and then under the help menu select check for updates.

Thanks for the quick reply Grinler!

I did try and got the info. that there are no new updates for Adpbe 8 ... which is probably true!

I am tempted to turn off DEP on Internet Explorer for just long enough to get this update/new program.

Will let you know how I get on.

Eddie

Very odd. Turned off DEP but IE8 still stopped the webpage; but noy quickly enough and got the Adobe Downlaod Manager. Ran that and Abode 9.3 installed OK ... removing Adobe 8 as it did so. All seems normal now. Wish I knew why it all happened as it did!

Ta! again for your swift help Grinler. Sorry I canot supply a useful suggestion/solution for anyone else who esperiences same problem.

Eddie

Took me a few tries to get to the web page, but I did finally get 9.3. Also not sure if this is a reoccurring problem, but when i went to Adobe -> Help -> Check For Updates it told me "There are no updates at this time." (or something along those lines.) Figured i warn people that even though they may get this message they could still have the vulnerable version.

Thanks for the timely security warning Grinler.

Clicking on the first Adobe Link Link: Adobe APSB10-02 Security Bulletin took me to the FBI home page which featured an article about scam popups.
Interesting.
Second link went directly to Adobe 9.3 download. How can I be sure it's the genuine Adobe site? And is it possible to download the simple Reader - all of their flourishes eat up more memory than I can spare.

Those links are legit. As for the extras, just dont install them when they ask and you will just get reader.

Those seeking to find a PDF reader without all the Adobe bloat have some choices. PDF X-Change Viewer and Foxit Reader are two of the most popular alternative PDF readers. I use X-Change Viewer myself.