Adobe announced yesterday, both here and here, the Adobe Reader includes a preliminary non-specific security hole that allows execution of arbitrary code on the computer.
The vulnerability exists in versions 9.1.3 and earlier for most operating systems. It should have been reports that the vulnerability is already actively exploited, albeit to a limited extent. This has been the security company Secunia to characterize the vulnerability as extremely critical.
According to Adobe shall not users of Adobe Reader and Acrobat 9.1.3 with Windows Vista may be affected by the vulnerability, if DEP (Data Execution Prevention) is enabled in the operating system.
There will also be able to help to turn off JavaScript support in Adobe Reader. There is a separate page for this under the user settings in the program. It is expected that the antivirus software will be able to add filters that block the PDF files that exploit the vulnerability.
Adobe plans to release a quarterly security update to Adobe Reader already on the 13 October. This shall include, among other things, a security fix that removes the aforementioned vulnerability.
The updates will be made available for Adobe Reader and Acrobat 9.1.3, 8.1.6 and 7.1.3.
Until the security updates are available and are installed, users are asked not to open the PDF documents you do not know the origin.
