As Symantec reported in February, crooks have hit the flaw with small-scale attacks that e-mail PDF attachments to specific targets. Adobe says a patch should be ready for version 9 of both programs by the time you read this, with fixes for earlier versions to follow. Read .
Word Docs Target IE 7
Bad guys went after a bug in Internet Explorer 7 a week after Microsoft distributed a fix. Those attacks employed a malicious Word document, but the has warned that crooks could also add hidden code to a hijacked Web site to create a drive-by download attack. You can install the patch for this browser flaw via Automatic Updates, or .
The same patch batch from Microsoft addresses a ; an attack through this hole can be triggered if you open a hacked Visio file.
Meanwhile, Mozilla fixed six security holes in its Firefox browser, one of which was deemed critical. Firefox version 3.0.6 and later has the fixes; click Help, Check for Updates to make sure that you have the latest version. The same critical flaw can hit the Thunderbird e-mail program if JavaScript is enabled for e-mail (it's disabled by default, and discouraged by Mozilla). Version 2.0.0.21 closes the hole.
Media File Mayhem
If you use RealNetworks' RealPlayer, beware of a risk involving malformed Internet Video Recording (IVR) files. According to security company Fortinet, simply previewing a poisoned IVR file in Windows Explorer could allow an attacker to run any command on a vulnerable PC. Versions 11 through 11.04 are at risk, while 11.05 and later are not affected. Check your version by clicking Help, About RealPlayer, and, if you need it, .
Finally, OpenOffice users should know that a default installation of the productivity suite's latest version (3.0.1) adds an old, insecure version of Sun's Java (Java 6 Update 7). According to the Washington Post, which originally reported the issue, the suite should work fine with the latest edition, Java 6 Update 12; remove your old Java versions and . You can also read . The OpenOffice team should have a new version (with an updated Java version) by the time you read this, and you can also get a .