Adobe Reader exploit prompts Adobe update alert
March 10, 2010
According to Microsoft's Threat Research and Response blog, its researchers have discovered a circulating PDF-based attack that hooks into the publicised flaw, CVE-2010-0188, to download a Trojan backdoor capable of taking control of the affected system. The warning relates mainly to Adobe Acrobat and Reader up to 9.3.0 for Windows, Apple and Unix. older versions of Acrobat and Reader, 8.2.0 (used by anyone unable to update to 9.3.x), are also affected on Windows and Apple and should be patched to 8.2.1. Anyone running the latest version of Acrobat or Reader, 9.3.1, is immune to the issue which was patched with unusual haste on by Adobe on 16 February. By reacting so quickly, Adobe seems to have learned the lessons of the last year when it tended to patch only in regular cycles, which often left users exposed to emerging exploits for inconvenient periods to time. It also issued the patch as an automatic update - activated without user intervention - rather than rely on the manual update process.