Security Update Arrives Weeks After Notice Issued

Adobe has released a security update to address a flaw the company first warned users of in February.

The company said that the update should patch a flaw in Reader 9 and Acrobat 9 which could allow an attacker to use a specially-crafted PDF file for cause a crash and take control of a targeted system.

The security fix will update both the Mac and Windows versions of Adobe Reader and Acrobat to version 9.1. The company is planning to release fixes for the Unix version of the software as well as earlier versions of both applications later in the month.

Along with Adobe, security experts from the US Computer Emergency Response Team and Sans are recommending that users update to the 9.1 versions of the software if at all possible.

The update comes more than two weeks after Adobe first warned of the threat, which has been actively exploited in the wild. At the time, the company estimated that the first patches for the flaw would not be out until March and users were advised to disable Javascript code within PDF files.

However, just days after Adobe released its advisory on the attacks and a timeline for a fix, an independent researcher constructed a home-made patch for Windows systems.