14 DAY TRIAL // Adobe Reader is surely the most popular program that allows you to view, print, search, sign, verify, and collaborate on PDF documents. Because the PDF format is more and more used, almost every user of the Internet already installed Adobe Reader. Even if the program is so popular, recently the application was affected by a lot of vulnerabilities that could allow attackers to control your computer.
The last security flaw discovered in Adobe Reader was reported yesterday and concerned multiple versions of the software solution; Adobe Reader 7.0.8 and earlier versions, Adobe Acrobat Standard, Professional and Elements 7.0.8 and earlier versions and Adobe Acrobat 3D for all available platforms.
Adobe confirmed the security flaw, rating it as critical and added that the user must open a malicious file to allow the attacker to control his computer. The company also said that all affected users must update their application to the version 7.0.9 or to 8.0 to avoid the exploitation of the issue.
"An update is available for a cross-site scripting (XSS) vulnerability in versions 7.0.8 and earlier of Adobe Reader and Acrobat that could allow remote attackers to inject arbitrary JavaScript into a browser session. This vulnerability, previously reported in APSA07-01 on January 4, 2007, has been assigned an important severity rating. This issue is specific to Windows and Linux operating systems. Exploitability depends on the browser and browser version being used. This vulnerability does not allow execution of binary code. This issue is remotely exploitable. Adobe has provided workarounds for website operators to prevent the cross-site scripting vulnerability from the server side," Adobe said in the security advisory.
Adobe Reader was also tested by Softpedia and the latest version of the application is available as a free download HERE.