Fiserv to Banks: Stay on Outdated Adobe Reader

Monday, March 08, 2010

Cross-posted from: http://www.databreaches.net/?p=10550

Brian Krebs reveals that Fiserv, a “Fortune 500 company that provides bank transaction processing services and software to more than 16,000 clients worldwide,” is urging customers not to use the most updated version of Adobe Reader. In a notice dated February 18, 2010 on a part of its web site available to security and IT managers at partner financial institutions, Fiserv writes, in part:

Until further notice, please do not upgrade Adobe Reader past version 8.1. We have recently found that there are potential compatibility issues with some of our Adobe-based products. If you have already upgraded past this version you can try uninstalling to a lower version. This may or may not be successful. For instructions on uninstalling, please visit www.Adobe.com.

Wow. Advising clients not to use the most secure version because it’s not compatible with your products, when you’d be asking them to leave themselves at risk of an attacker taking control of their systems?

Read more on KrebsonSecurity.com Brian reports that he’s asked Fiserv for more information, so watch his site for more info on this.

Possibly Related Articles:
4164
Viruses & Malware Webappsec->General
Accounting Banking Financial Services
Adobe Patching Vulnerabilities
Post Rating I Like this!
Default-avatar
Alan Ulman Fiserv has researched the client advisory that was cited yesterday by the Krebs on Security blog.

Earlier today we updated Mr. Krebs with additional facts and context regarding that advisory.

This update included the clarification that the advisory was not directed or available to all Fiserv clients, but rather to clients of a single solution within one individual product line.

The advisory had been viewed by fewer than three dozen individuals at the time it was removed.

We agree that this client advisory regarding an isolated software compatibility issue was not the appropriate way to address this issue, and are currently working on a technical resolution.

- Alan Ulman, Fiserv Corporate Communications
1268164973
6d117b57d55f63febe392e40a478011f
Anthony M. Freed Alan - Thanks for bringing us up to date, and providing the additional details - please keep us informed of developments!
1268165068