Critical security update for Adobe Reader and Acrobat

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Adobe logo
Adobe has issued a security bulletin urging users of its Adobe PDF Reader and Acrobat products to update their software before hackers take advantage of two critical vulnerabilities.

Adobe Reader 9.3 for Windows, Macintosh and UNIX, Adobe Acrobat 9.3 for Windows and Macintosh, and Adobe Reader 8.2 and Acrobat 8.2 for Windows and Macintosh are vulnerable to a flaw that could be exploited by hackers to make unauthorised cross-domain requests. This same vulnerability was revealed in Adobe Flash Player last week.

Meanwhile, another flaw could give hackers an opportunity to inject malicious code onto computers via vulnerable installations of Reader and Acrobat.

As we’ve mentioned many times before, it’s essential that you keep your installations of Adobe’s software up-to-date as they are increasingly being taken advantage of by hackers to launch attacks.

Sign up to our free newsletter.
Security news, advice, and tips.

Adobe recommends users of Adobe Reader 9.3 and earlier versions for Windows, Macintosh and UNIX update to Adobe Reader 9.3.1 if possible. Similarly, Adobe Acrobat should be updated to version 9.3.1. It’s a shame, therefore, that Adobe’s Reader advisory makes such a bad job of linking to the right files.

For instance, the link it is giving for the Mac update actually links to a page full of Windows files:

A not entirely helpful link for Mac users

Hopefully Adobe will sort that out soon, and make it clearer where users can download the right patches for their operating system from. I, for one, am still finding it difficult to locate Adobe Reader 9.3.1.

Update: Thanks to Adobe’s @bradarkin who managed to get the broken Mac link fixed.

It turns out that part of my difficulty in finding Adobe Reader 9.3.1 is that Adobe isn’t listing its updates on its website in chronological order (“for reasons unknown”).

Adobe Reader updates


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.