April 28, 2009 (Computerworld) Adobe Systems Inc. today confirmed that it's investigating reports that its popular PDF viewing software, Adobe Reader, contains a critical vulnerability.
The bug was first disclosed yesterday on the SecurityFocus site
, which posted a link to proof-of-concept attack code. "An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application," said the advisory.
According to SecurityFocus, the most up-to-date versions, Reader 9.1 and Reader 8.1.4, are vulnerable. The Linux versions definitely have the bug, and versions for other platforms -- Adobe also provides Reader for Windows and the Mac -- may be at risk as well.