According to the Washington Post, computer security firm Purewire reports that this exploit has been around since at least July 9 of this year, but that Adobe has been aware of the bug since at least December 2008.
FireEye provides a detailed look at the concepts behind this vulnerability.
Anyone looking for a free alternative to Adobe Reader may in the meantime evaluate the open-source Sumatra PDF Viewer (though some users find it too limited), Foxit Reader (which is less demanding on system resources than Adobe Reader), or PDF-XChange Viewer (somewhat heavier than Foxit Reader but still not as demanding as Adobe Reader, for those rare occasions when Foxit lacks a feature).
To prevent automatic execution of Flash content within their browser, Firefox users may also use the free NoScript add-on.
To disable Flash in Adobe Reader 9 on Windows platforms, US-CERT recommends renaming the following files:
- “%ProgramFiles%\Adobe\Reader 9.0\Reader\authplay.dll”
- “%ProgramFiles%\Adobe\Reader 9.0\Reader\rt3d.dll”
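The rename step above as a PowerShell script (an added example, not US-CERT's or Adobe's own code). The `.disabled` suffix, the `-Restore` switch and the extra lookup under `Program Files (x86)` are assumptions that do not come from the recommendation itself.

```powershell
# Added example (not US-CERT's or Adobe's script). Run from an elevated prompt.
param(
    [switch]$Restore,               # hypothetical switch: undo the rename
    [string]$Suffix = '.disabled'   # assumed suffix; the page does not name one
)

# The two files named in the recommendation above
$names = 'authplay.dll', 'rt3d.dll'

# %ProgramFiles% comes from the page; the (x86) root is an added assumption
# for 64-bit Windows, where the 32-bit Reader 9 installs.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } | Select-Object -Unique

foreach ($root in $roots) {
    $dir = Join-Path $root 'Adobe\Reader 9.0\Reader'
    if (-not (Test-Path -LiteralPath $dir)) { continue }

    foreach ($name in $names) {
        if ($Restore) { $from = "$name$Suffix"; $to = $name }
        else          { $from = $name;          $to = "$name$Suffix" }

        $src = Join-Path $dir $from
        $dst = Join-Path $dir $to

        if (-not (Test-Path -LiteralPath $src)) {
            Write-Output "skip    $src (not present)"
            continue
        }
        if (Test-Path -LiteralPath $dst) {
            # Both names exist, e.g. the DLL was put back after an earlier
            # rename. Leave both in place for a manual decision.
            Write-Warning "$src and $dst both exist; resolve by hand"
            continue
        }
        Rename-Item -LiteralPath $src -NewName $to
        Write-Output "renamed $src -> $to"
    }
}
```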
As Computerworld reports, anybody who is only now installing Adobe Reader should be aware that Adobe’s policy is to put only single-dot releases on its download site (e.g. 9.0 and 9.1), which in this particular case contain several security flaws. The double-dot releases (e.g. 9.1.1 and 9.1.2) are available only as patches once the applicable full release has been installed. So, make sure you check for patches by going to
Help > Check for Updates

