Brian Krebs reveals that Fiserv, a “Fortune 500 company that provides bank transaction processing services and software to more than 16,000 clients worldwide,” is urging customers not to use the most updated version of Adobe Reader. In a notice dated February 18, 2010 on a part of its web site available to security and IT managers at partner financial institutions, Fiserv writes, in part:
Until further notice, please do not upgrade Adobe Reader past version 8.1. We have recently found that there are potential compatibility issues with some of our Adobe-based products. If you have already upgraded past this version you can try uninstalling to a lower version. This may or may not be successful. For instructions on uninstalling, please visit www.Adobe.com.
Wow. Advising clients not to use the most secure version because it’s not compatible with your products, when you’d be asking them to leave themselves at risk of an attacker taking control of their systems?
Read more on KrebsonSecurity.com. Brian reports that he’s asked Fiserv for more information, so watch his site for more info on this.
Fiserv has researched the client advisory that was cited yesterday by the Krebs on Security blog.
Earlier today we updated Mr. Krebs with additional facts and context regarding that advisory, which he has posted.
This update included the clarification that the advisory was not directed or available to all Fiserv clients, but rather to clients of a single solution within one individual product line.
The advisory had been viewed by fewer than three dozen individuals at the time it was removed.
We agree that this client advisory regarding an isolated software compatibility issue was not the appropriate way to address this issue, and are currently working on a technical resolution.
– Alan Ulman, Fiserv Corporate Communications
Thanks for providing that update, Alan.