slgrieb
May 31st, 2009, 02:50 PM
Have you patched Adobe's last security flaw? I know you're thinking "This is old news." and that's at least partially right, but some of you who stay up with Adobe's problems may still be in for a surprise.
Back on 4/28, Adobe acknowledged a serious JavaScript security issue with Acrobat Reader that affected all versions. On 5/12, they announced a fix for the flaw and recommended all users upgrade to v. 9.1.1 of Acrobat Reader. Unfortunately, a week later, Adobe was still offering the unpatched Reader 9.1.0 as the default download.
This came to my attention on 5/19 when I was working with a new client who had problems with Acrobat Reader 5.0 (!) not displaying some PDF files correctly. He wasn't open to alternative products, so I went to Adobe's site and downloaded the newest version of the Reader. We talked more about security, and I installed Secunia Inspector for him, and explained how it worked. The scan identified a vulnerability and posted a link to Acrobat Reader 9.1.1 less than 10 minutes after I had downloaded the "new" Reader.
So, the bottom line is that there are probably lots of folks out there still running unpatched versions of the Acrobat Reader for any number of reasons. Some of them might even be your clients.