You don’t usually hear about these subset standards unless you actually use them. Likewise, you probably don’t see many resources on the subset standards unless you actually look for them. Fortunately, there’s the PDF/A Competence Center (how could I have missed this site?).

In case you’ve never come across the site, the PDF/A Competence Center is an association of tech companies and PDF experts primarily focused upon promoting the exchange and use of PDF-based archives.

If you’re looking for PDF/A basics, FAQs, press releases and technical documentation, the www.pdfa.org website has informative articles and resources for both PDF/A creation and usage. The site is continually updated with specialized forum discussions and news.

In fact, they’ve been advertising the first ever 2-day international PDF/A conference from April 10^th-11^thin Amsterdam. Much like the Adobe PDF and Acrobat Conference, it’ll cover different types of tracks on popular PDF/A topics.

Day One will hold separate knowledge tracks for beginner, intermediate and advanced user levels covering topics such as digital signatures, application scenarios, document scanning, fonts, text and Unicode, PDF/A-2 and the legal implications of using PDF/A.

The industry tracks on Day Two will take a look at the role of PDF/A and best practices to follow in the libraries and public sectors; engineering and manufacturing; and business to customer industries.

You can register online for the event. Or you can get a copy of the flyer here—which you can fill out and submit online.

According to the Adobe site, this update patch “includes several important security fixes, among them a few of critical severity that could be remotely exploitable”. What’s behind the “critical severity” hasn’t yet been publicly announced or confirmed by Adobe.

However, the story around this update isn’t the bug itself. The main concern is the lack of information about the critical threat.

This brings us back to the zero-day PDF bug alert back in October when in absence of a software patch, the only prevention advice given to users was to stop downloading online PDFs altogether. Not a great time for users whose work depends upon opening PDF files.

Although there are patches to fix this one, the concern is still the same. It just goes to show that when it comes to PDF security (or any software security for that matter), being informed is the best safeguard users want to have.

So in the absence of the official word from Adobe, what details are there?

One vulnerability researcher, Kostya Kortchinsky, went in search for the details himself and narrowed down the “mystery” security flaw. His reverse engineering on the updated patch revealed that it was designed for fixing a stack overflow bug. Moreover, a proof-of-concept exploit was successfully tested in unpatched Readers that crashed in IE browsers.

As to the origins of the exploit, Symantec Corp. speculates that it might have originated from malicious ads on hacked websites that lure visitors to open rigged PDF files via JavaScript without knowing it.

On Adobe’s silence, an article on Computerworld proposed that it was due to software being used within the Reader which Adobe is licensing. If true, it would mean that Adobe’s discretion also involves protecting other third –party vendors and their products, not just the Acrobat and Reader applications.

Yet, however plausible all these might be, none are being confirmed by Adobe.

The real details will have to wait until then--along with many anxious PDF users. In the meantime, the best advice for now (as always) is to update your software.