Adobe Flash, Reader, and Acrobat Vulnerability

Over the weekend Adobe announced a critical security issue in a few of its products. This is a particularly serious issue for machines running recent versions of Flash, Reader, and Acrobat, because it's easy to stumble across something that can compromise your computer: you can pick it up just by clicking on a URL shortener link (e.g. tinyurl.com, bit.ly, etc.) that sends you to a hacker's website, or by just unknowingly visiting a hostile website or opening an unexpected PDF file someone sent you. Once a computer has been compromised, other people can take control of and use it for a variety of illegal purposes.

Just days after the announcement of the vulnerability, I've begun receiving bogus PDF files as spam. Although I haven't confirmed that they're exploiting this new hole, the timing is probably more than a coincidence. Aside from these, exploits have already been seen "in the wild" (i.e. outside of research labs).

Adobe's advisory is a little technical, but it's got some steps you should take if you're running Flash, Acrobat, or Reader. There won't be patches for Reader and Acrobat until June 29, so follow the instructions in the Adobe advisory to protect your computer until you install an update. And make sure to update to Flash Player 10.1, which has been confirmed as not vulnerable to this issue.

Be careful in our modern Wild West that is the Internet.