[Steve]

Adobe has reported that a critical vulnerability has been identified in Adobe Reader and Acrobat 8.1.2. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. Adobe categorizes this as a 'critical' issue and recommends that users of Acrobat 8 and Adobe Reader install the 8.1.2 Security Update 1 patch. The flaw is already being exploited by attackers to spread Malware in the wild.

It plugs the vulnerability in the following Adobe products:

-Adobe Reader 7.0.9 and earlier
-Adobe Acrobat Professional, 3D and Standard 8.0 through 8.1.2
-Adobe Acrobat Professional, 3D and Standard 7.0.9 and earlier

Adobe Reader 7.1.0 and Acrobat 7.1.0 are not vulnerable to this issue.

If you have Adobe Reader installed, you can make it check for updates by launching it in an empty window from the [Start][Programs][Adobe Reader 8] menu and using the command [Help][Check for Updates]. This should collect and install the latest version. However, the update leaves Adobe Reader showing as version 'Adobe Reader 8.1.2' but it doesn't display this information that it's added 'Security Update 1' anywhere, so it's not possible to check the version other than by getting Adobe Reader to check for updates itself. If it reports that none are available, you have to assume that the 'Security Update 1' patch is already installed.

The latest Adobe Reader update is for both Microsoft Windows and Mac OS X systems. The newly released versions, Acrobat Reader 9 and Acrobat 9, are not vulnerable.