If you’ve heard about the recent PDF vulnerability in the news, you probably haven’t heard much.
This is because the details are scarce. The main headline is that there exists a PDF vulnerability that can be exploited on Windows XP systems that have IE7 installed. There was only one other vague detail: a YouTube video posted on the blog of Petko Petkov, the U.K.-based security researcher who first discovered the vulnerability. The video demonstrates what the PDF vulnerability is capable of. In the video, the opened PDF automatically launches applications on your computer without any other input than clicking on the file.
If you were worried or frustrated at this news, there was good reason to be. The blog posting itself sounded ominous. It didn’t help matters that the only advice offered in protection against this obscure vulnerability was to avoid opening any PDF files at all, a thing hard to imagine when you and millions of other users download and open PDFs on a daily basis. No immediate fix was even released, let alone acknowledgement or confirmation from the major companies involved. Until now.
Adobe finally confirmed and verified the security vulnerability last Friday, two weeks after the news was released. They’ve posted an advisory alert on the issue, which can be found on their website. But there’s good news and a bit of bad news.
The good news: A workaround was provided by Adobe as a temporary means of protecting against it. The workaround means modifying the registry of your computer.
The bad news: Details still aren’t available. Petkov stated that he wouldn’t reveal the proofs of concept for the vulnerability until an update was released. In addition, those who aren’t able to implement the workaround on their systems will have to wait for that update as well, which is slated for the end of October.
So until then, you’ll have to keep an eye out for everything and anything when it comes to PDFs, because what you don’t know can hurt you.