If your computer has Adobe Acrobat 9 or Acrobat Reader 9, you should have already installed an update to version 9.1, issued last week. Open the program and click on Help / About to check the version, or click on Help / Check for Updates to see if you’re up to date.
If you have any version of Acrobat / Acrobat Reader 7 or 8, Adobe is scheduled to issue an update on Wednesday. Install it when you are prompted, or check for it manually on Wednesday or Thursday.
These are critical updates! In January Adobe was notified of a hole that lets malformed PDFs do terrible things to your computer with almost no interaction. There are bad guys pushing out PDFs that can possess your computer and kill household pets. It’s one of those security issues that is so awful that security-minded IT folks have been hospitalized just thinking about it. If you knew the details, you’d be seriously spooked.
One researcher created a proof of concept and posted the explanation along with a simple video. Go watch it! The bad PDF crashes the computer: (1) when it is selected in a list of files by highlighting it with a single click; (2) when the list of files is changed to thumbnail view, without any further interaction with the individual file at all; and (3) when the mouse cursor hovers over the file name, without any click or highlight. Think about that!
The same vulnerability could lead to a bad guy taking remote control of your computer or installing other bad software. It’s genuinely scary.
Adobe is taking some heat for being slow to get these patches out. You don’t need to get weird and be afraid of all PDF files, but be careful if you get any unexpected PDF email file attachments – and get these patches installed!