Adobe Systems has issued updates to fix security flaws in its Reader and Acrobat software that could allow an attacker to remotely commandeer a computer. The vulnerabilities affect Adobe Reader and Adobe Acrobat Standard, Professional and Elements versions 7.0.8 and earlier, as well as Adobe Acrobat 3D, Adobe said in its advisory. Secunia rated the Reader flaw as "highly critical."
The version 7.0.9 updates issued Tuesday are designed to address holes that could allow outsiders to gain access to hard-disk drives via a malicious link that targets PDF files on vulnerable computers. The attackers could then take the compromised system and read and delete files, execute programs and forward information from the computer. Adobe recommends that Reader users upgrade to Reader 8, the most recent major version, to fix the problem. Those whose computer systems are not compatible, or who do not want to move to version 8 can install Tuesday's 7.0.9 version instead.