Adobe released on Wednesday an update that fixes vulnerabilities in its widely used Reader document viewing program.
Users are urged to upgrade to version 8.1.2,
available for download on Adobe’s Web site.
Adobe has not given out details of the vulnerabilities, even though the company has a section on its Web site detailing security advisories for Reader.
That could indicate that the vulnerabilities are fairly serious and could result in a compromised PC, said Thomas Kristensen, chief technical officer for Secunia, a security vendor in Denmark.
Secunia is performing a binary analysis of the old and new versions of Reader to figure out the vulnerabilities. However, that analysis takes one to three days, Kristensen said.
Kristensen said no proof-of-concept code has been seen yet and no attacks have been reported. But people should be especially cautious of PDFs (Portable Document Format), the common file type that Reader opens.
“PDFs are generally highly trusted,” Kristensen said. “It’s a common format for exchanging information.”
Secunia estimates that more than 60 percent of home PC users have the Reader program, based on data from one of its software products that checks to see if programs have up-to-date patches. Corporate use of Reader is less, around 30 percent, since many companies use other business applications that can open PDFs, Kristensen said.
Hackers seized on PDFs last year after the disclosure of a protocol handling vulnerability involving Windows. The problem allowed them to create malicious PDF documents that would infect a PC with malicious software if opened.
Adobe officials could not be reached.