Adobe has fixed a security vulnerability (http://secunia.com/advisories/23666) in its Reader software that created a mechanism for hackers to commandeer vulnerable systems.

The unspecified heap corruption flaw affects Adobe Reader versions 6.x and 7.x and means users tricked into opening malformed PDF documents might be exposed to malware. Credit for discovering the bug (http://www.piotrbania.com/all/adv/adobe-acrobat-adv.txt) goes to security researcher Piotr Bania.

Users are advised to upgrade to reader version 7.0.9 or upgrade to version 8.0, as explained in an advisory by Adobe here (http://www.adobe.com/support/security/bulletins/apsb07-01.html). Updating to Adobe Reader version 8.0 also fixes a variety (http://secunia.com/advisories/23483) of other security vulnerabilities discovered last week. ®

Related stories

Adobe pulls bug-riddled Photoshop update (18 March 2008)
http://www.theregister.co.uk/2008/03/18/photoshop_bug/
Adobe Reader Trojan predates mystery update by two weeks (11 February 2008)
http://www.theregister.co.uk/2008/02/11/adobe_reader_exploit/
Stealthy Adobe Reader update fixes mystery security bugs (7 February 2008)
http://www.theregister.co.uk/2008/02/07/stealth_adobe_reader_update/
Adobe gifts internal file permissions to unwashed masses (27 September 2007)
http://www.theregister.co.uk/2007/09/27/adobe_website_leak/
Malware spectre haunts Adobe Reader (21 September 2007)
http://www.theregister.co.uk/2007/09/21/pdf_peril/
Fake flash player site used to spread malware (22 June 2007)
http://www.theregister.co.uk/2007/06/22/shockwave_social_engineering_ruse/
Bug brace menaces Adobe Photoshop (1 May 2007)
http://www.theregister.co.uk/2007/05/01/adobe_photoshop_bugs/
Adobe targets developers with Apollo (19 March 2007)
http://www.theregister.co.uk/2007/03/19/adobe_atlas/
Online ads diet planned for Adobe Photoshop (2 March 2007)
http://www.theregister.co.uk/2007/03/02/adobe_free_online_photoshop/
Bug brokers offering higher bounties (25 January 2007)
http://www.theregister.co.uk/2007/01/25/bug_brokers_offering_higher_bouties/
Adobe scripting flaw unearthed (4 January 2007)
http://www.theregister.co.uk/2007/01/04/adobe_scripting_flaw/
Adobe puts Acrobat flaw on the critical list (7 December 2006)
http://www.theregister.co.uk/2006/12/07/adobe_acrobat_flaw/
Adobe builds web conferencing into Acrobat (18 September 2006)
http://www.theregister.co.uk/2006/09/18/adobe_acrobat_8/
Adobe warns over PDF peril (17 August 2005)
http://www.theregister.co.uk/2005/08/17/adobe_pdf_glich/