Adobe issues long-awaited Reader security fix

Adobe has finally fixed a flaw in Reader 9 and Acrobat 9

Adobe has released a security update to address a flaw that the company first warned about in February.

The update should patch a flaw in Reader 9 and Acrobat 9 which could allow an attacker to use a specially-crafted PDF file to cause a crash and take control of a targeted system.

The fix will update the Mac and Windows versions of Adobe Reader and Acrobat to version 9.1. Adobe is planning to release fixes for the Unix version of the software as well as earlier versions of both applications later in the month.

Security experts from the US Computer Emergency Response Team and the Sans Institute recommend that users update to the 9.1 versions of the software if at all possible.

The update comes more than two weeks after Adobe first warned of the threat, which has been actively exploited in the wild. The company estimated at the time that the first patches for the flaw would not be out until March, and users were advised to disable JavaScript code within PDF files.

However, just days after Adobe released its advisory on the attacks and a timeline for a fix, an independent researcher constructed a home-made patch for Windows systems.