NEW YORK: Adobe Systems asked users of its Adobe Reader to upgrade to its latest version, Reader 8.0, as the earlier versions have a security flaw that facilitates hackers to access hard drives or carry out phishing attacks.
Adobe said Reader 8.0, launched in December, is not vulnerable to the cross-site scripting bug.
Adobe Reader, a free download software, is used by millions of people to view documents in PDF format.
The vulnerability has been found in the web browser plug-in of the Adobe Reader software. Adobe Reader allows PDF documents to be viewed in a browser window. Security experts say hackers, exploiting the vulnerability, can force trusted Adobe PDF files to run malicious Javascript code on compromised systems.
The flaw came to be detected and discussed for the first time at the recent annual conference of the Chaos Computer Club, a German hacker group.
Initially it was thought that only Firefox web browser was at risk, but it has now been found that Internet Explorer browsers are also vulnerable.
Adobe Systems said it will issue patches next week for the older versions of Reader. The company has advised users of these versions to disable the plug in until the patches are issued. It said it is best to upgrade to Reader 8.
Adobe has also warned users to exercise caution when clicking on untrusted links, since those links could be manipulated to run an exploit.
Security services firm Symantec Corp said in a blog posting the vulnerability affects the Firefox browser. However, further tests indicated that users running a combination of Internet Explorer 6 and Adobe Reader 7 on Windows XP Service Pack 1 and Internet Explorer 6 and Adobe Reader 4 on Windows XP Service Pack 2 are also vulnerable.
