In response to two critical vulnerabilities in Acrobat and Adobe Reader 9.3, yesterday Adobe released the 9.3.1 update for both applications; users of the older 8.x versions can update to 8.2.1 to resolve the security issues. One of the two vulnerabilities addressed would allow a malicious PDF to make unauthorized cross-domain requests; the other could crash the PDF application and possibly allow an attacker to gain access to other parts of the system.
The first flaw is related to a Flash Player issue that was revealed last week; if you have not updated Flash to the latest version (10.0.45.2 as of this moment, see your version & current versions here) & you aren't blocking Flash, you should go get the latest build right away. Although you can configure auto-update notifications in Flash Player, it's not clear if Mac OS X clients are consistently getting these reminders to update.
Even though Mac users are far less likely to be targeted by malware than our Windows-using friends and family, vigilance is still critical. Security analysis firm ScanSafe reported that it saw the percentage of exploits delivered via PDF files rise from 56% at the beginning of 2009 all the way up to 80% in the 4th quarter, so keeping those Adobe apps current -- or, better yet, using Apple's Preview app as the default PDF reader on Mac OS X -- is only prudent.
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.