Adobe Posts Security Fix For Reader, Acrobat
A code injection vulnerability in Adobe Reader and Acrobat 8.1.2 required a quick fix amid reports of an exploit for it in the wild.
People on versions up to 8.1.2 of Reader and Acrobat may update their products with a security fix, currently available for download. Adobe recommended users of Acrobat and Reader 7 update those products to version 7.1.0.
SecurityFocus noted the Information Security Team of the Johns Hopkins University Applied Physics Laboratory picked up on the problem with Acrobat and Reader. Vulnerable Adobe products fail to adequately sanitize user input to prevent exploitation.
Such sanitization issues have plagued websites all over the Internet. Their ease of exploitation makes them a favorite avenue of attack for malicious types, a problem exacerbated by failure to detect and update vulnerable products before exploits hit.