Earlier this month, we told you that the combination of Adobe Reader or Acrobat with Windows XP and Internet Explorer 7 left users facing a major vulnerability: the "mailto" URI used in web pages and PDF files could be used to download and install malware.
Adobe promised they'd have updates to fix the problem by month-end, and they've outdone themselves: they rolled out a security bulletin today with updates to Adobe Reader 8.1 and Adobe Acrobat 8.1. Reader and Acrobat 8.1 become 8.1.1 after patching.
Acrobat & Reader 7.x Users - Still on the Waiting List
You know how software vendors are always telling you to 'update to the lastest version?' Sometimes, there's a good reason, like being first in line for updates for a security problem. Although lots of PCs still use Acrobat and Reader 7.x, Adobe rolled out the patches for Acrobat and Reader 8.1 first. Are Acrobat 7.x users out of luck? Nope. Adobe says it will roll out updates for Acrobat and Reader 7.x users "at a later date." If for some reason you're still using Acrobat or Reader 6.x or earlier - Fuhgeddaboutit! No patches for you.
Can't Wait for 7.x Updates? Disable Mailto: Now!
If you can't run Acrobat or Reader 8.1, follow the workaround provided in both the original and the new security bulletins to disable the Mailto: URI for Acrobat and Reader.