1 Reply Latest reply on May 8, 2009 7:07 AM by TLC-IT

    Adobe reader 9 security problem?


      Yes, I recently read about this security problem with the PDF.  I would like to know what, if anything, has/is being done about it and does it affect all computers or just the corporate ones?  I also read there was a patch coming out about this and I would like to know where and how to get it if it is necessary.

        • 1. Re: Adobe reader 9 security problem?
          TLC-IT Level 2

          Well, don't let this scare you ... but a lot of software vulnerability information is out there if you just know where to look.


          Probably the most definitive source is the US CERT Vulnerabilities Database which is searchable at http://www.kb.cert.org/vuls/html/search.


          This database is maintained by the "United States Computer Emergency Readiness Team (CERT)" at Carnegie Mellon University.  It's not the only database out there, but it's one of the best.


          Another thing to bear in mind is that Adobe has many large government contracts ... a huge amount of government documentation (e.g. IRS forms) is produced using PDF.  Therefore, you know that Adobe is informed when a vulnerability is discovered, and it has a positive duty to participate in looking for them as well as resolving them.  If you keep your systems up-to-date you can expect that patches for them will be timely included.  (I am not, of course, saying that these expectations will invariably be met!)  Software development organizations do maintain, although they do not routinely externally publish, problem/resolution databases that are integrated into their version-control systems.


          Digging just a little bit deeper, I see that Adobe maintains "security advisories" among its support-page options.  (I see that the CERT advisories refer to these URLs.)  So, the information you are looking for is out there, and I'm sure that Adobe Support (note: I do not work for them...) can help answer specific questions ... especially if you have something like a CERT Advisory Number to refer to.


          Many folks imagine that software companies try to conceal their vulnerabilities, when in fact the exact opposite is true:  there is no such thing as "security by obscurity."  White-hat people work very studiously to "get the word out."  It is an international effort.


          It can be a bit disconcerting at first to see literally thousands of reports (some open, some closed) concerning a well-established product that you use every day.  Any exploit or vulnerability, realized or imagined, practical or theoretical, goes into that database:  "Knowledge is Power."