Researchers have discovered yet another security hole in software giant Adobe’s PDF reader, Acrobat. This is the latest in a long line of vulnerabilities in Acrobat that can allow an attacker full control over your PC if you open an infected PDF file.
Adobe has this to say about the discovery:
A critical vulnerability has been identified in Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.6 and earlier 9.x versions for UNIX, and Adobe Acrobat X (10.1.1) and earlier versions for Windows and Macintosh. This vulnerability (CVE-2011-2462) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that the vulnerability is being actively exploited in limited, targeted attacks in the wild against Adobe Reader 9.x on Windows.
In my opinion Acrobat has become the red headed step child of PDF readers by growing ever larger and overly complicated with each new version! The most recent version weighs in at 65MB, while free third party PDF software such as Jim’s favorite, PDF X-Change Viewer, and my favorite, Nitro PDF Reader, weigh in between 14MB and 28MB.
Acrobat Reader has also become the PDF target for miscreants set on infecting computers through exploits in its’ software, of which the latest find is just another example. My recommendation is to uninstall Acrobat Reader and choose one of the options above. You’ll be removing a popular attack vector from your computer and replacing it with a completely functional equivalent that is less likely to be targeted in the future. Adobe’s Acrobat is truly the “low hanging fruit” in the PDF software arena. As an added benefit you’ll also be removing one of the more bloated software products I’ve seen in quite a while.
So, what do you think? Remove the bloat and try another free product with less risk? -or- Wait for Adobe to release another patch and tow the Acrobat party line?