PDF Vulnerability: “Critical” Severity Rating

From news.com:

Initially, security professionals thought that the problem was restricted and exposed only Web-related data or could support phishing scams. Now it has been discovered that miscreants could exploit the problem to access all information on a victim’s hard disk drive, said Web security specialists at WhiteHat Security and SPI Dynamics. Key to increased access is where hostile links point. When the issue was first discovered, experts warned of links with malicious JavaScript to PDF files hosted on Web sites. While risky, this actually limits the attacker’s access to a PC. It has now been discovered that those limits can be removed by directing a malicious link to a PDF file on a victim’s PC.

Here’s the what Adobe advices its users to do. Personally, if your using Adobe Reader, I suggest you upgrade to Adobe Reader 8.0. To those who cannot upgrade to 8.0 or those using Acrobat, Adobe has already relased its update. Use it well.