Adobe Systems announced on its website the existence of critical vulnerabilities in its popular document viewing programs, Adobe Reader and Adobe Acrobat. The detected vulnerabilities affect only computers with the XP version of the Windows operating system, which use version 7 of the browser Internet Explorer.
Security flaws in both programs can allow an attacker to take complete control of a computer, remove confidential information, launch spam campaigns or participate in distributed attacks.
Adobe said it is already working on the development of countermeasures, but adds that these will only be available in late October. In the opinion of several computer security consultants, this represents too long a period of time, since it opens the possibility for the flaw to be exploited with malicious code meanwhile developed.
The flaws in Reader and Acrobat, now recognized by Adobe, were initially disclosed by a computer security company, forcing the manufacturer to take them up on its website on the same day, instead of announcing them only when they already had the respective solutions .
Adobe has published a guide containing a workaround and temporary solution aimed primarily at system administrators, advising ordinary users who are unable to implement it to wait for the future update of security.
2007-10-02 – Adobe starts distributing online productivity tools
2007-01-04 – Security flaw in Adobe Reader threatens reading PDF files
2007-03-28 – Adobe Creative Suite 3 products available this year