CNET's spyware, viruses, & security forum is the best source for finding the latest news, help, and troubleshooting advice from a community of experts. Discussions cover how to detect, fix, and remove viruses, spyware, adware, malware, and other vulnerabilities on Windows, Mac OS X, and Linux.
Platform: All Platforms Affected software versions
Adobe Reader 7.0.8 and earlier versions Adobe Acrobat Standard, Professional and Elements 7.0.8 and earlier versions Adobe Acrobat 3D Revision
January 9, 2007 - This Security Bulletin provides a solution for the issue originally documented in Security Advisory APSA07-01 on January 4, 2007, as well as other issues.
Users with Adobe Reader 7.0 through 7.0.8, who cannot upgrade to Reader 8, should upgrade to Reader 7.0.9. Adobe Reader 7.0.9 is available as a full installation package and not a patch. It can be installed on top of any older version of Reader 7 and user preferences will be preserved: http://www.adobe.com/go/getreader.
Users with Adobe Reader 7.0 through 7.0.8, who cannot upgrade to Reader 8, should upgrade to Reader 7.0.9. The Reader 7.0.9 update requires that Adobe Reader 7.0.8 is installed on your Mac system. To determine which version of Adobe Reader is installed, choose Adobe Reader > About Adobe Reader. The version number appears in the upper left corner below the Adobe Reader logo.
If version 7.0.8 is installed, download and install this incremental patch. After downloading the update file, double-click it to begin the update process and access the file's contents.
If version 7.0, 7.0.1, 7.0.2, 7.0.3, 7.0.5, 7.0.7 or an earlier version of Reader is installed and customers cannot update to Reader 8, Adobe recommends that customers download the full Adobe Reader 7.0.9 installer from the Reader download page.
Adobe Acrobat on Windows or Mac OS
For version 7.0-7.0.8, users should utilize the product's automatic update facility. The default installation configuration runs automatic updates on a regular schedule, and can be manually activated by choosing Help > Check For Updates Now. Alternatively, the update files can also be manually downloaded and installed from www.adobe.com/downloads.
Adobe is working on an update to versions 6.X of Adobe Reader and Acrobat that will resolve this issue. It is expected to be available in the near future. This Security Bulletin will be updated as soon as the update is available.
Server-side workarounds for website operators
Adobe has provided workarounds for website operators to prevent the cross-site scripting vulnerability (CVE-2007-0045) from the server side. Please review Security Advisory APSA07-02 for more information.
Adobe categorizes this as a critical issue and recommends affected users update any affected software.