I checked earlier this morning, and an hour ago with the reader's "check for updates" and no update was forthcoming.
Just now I checked again and an update was found. Carl -----Original Message----- From: Peter van Houten [mailto:[email protected]] Sent: Wednesday, March 11, 2009 11:50 AM To: NT System Admin Issues Subject: Re: Foxit PDF Reader Flaws It was out yesterday already: http://www.adobe.com/support/security/bulletins/apsb09-03.html -- Peter van Houten > -----Original Message----- > From: Carl Houseman [mailto:[email protected]] > Sent: Wednesday, March 11, 2009 8:22 AM > To: NT System Admin Issues > Subject: RE: Foxit PDF Reader Flaws > > It's March 11 already in most of the world and no Adobe patch yet. (I > know, > they're hardly awake in CA yet and why should I be surprised that Adobe > can't automate something as simple putting a new version online.) > > Carl > > -----Original Message----- > From: Mike French [mailto:[email protected]] > Sent: Wednesday, March 11, 2009 11:14 AM > To: NT System Admin Issues > Subject: Foxit PDF Reader Flaws > > Just an FYI: > > March 9, Computerworld - (International) Foxit PDF viewer open to > attack, say researchers. Security researchers on March 9 warned of > several vulnerabilities in Foxit, a free PDF document viewer that has > been recommended as an alternative to Adobe Reader, which currently > contains an unpatched critical bug of its own. Foxit Software Co. > patched its namesake on March 9 to plug three holes. One of the three > vulnerabilities is in the same JBIG2 image compression format fingered > by researchers last month as the root of the bug in Adobe System Inc.'s > popular Reader and Acrobat applications. The flaw in Adobe's software, > which has been exploited by hackers since at least early January, will > not be patched until March 11, according to Adobe's schedule. The Foxit > and Adobe bugs are unrelated, however, except for the fact that they are > both in the code that parses JBIG2 images, said the chief technology > officer at Secunia, the Danish company that reported the flaw to Foxit. > "It is a completely different vulnerability related to JBIG2," he said > in an e-mail on March 9. It was Adobe's confirmation of its bug that > prompted Secunia researchers to dig into other PDF viewers. "We did, > however, start the research in Foxit out of curiosity based on the Adobe > vulnerability, and discovered this new vulnerability," the chief > technology officer said. Secunia reported the bug to Foxit on February > 27. The remaining two bugs in Foxit were reported February 18 by Core > Security Technologies, a developer of penetration testing software. One > of the vulnerabilities can trigger a buffer overflow, while the other > could be used by attackers to circumvent security warnings. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
