Adobe to issue emergency updates for Reader, Acrobat

Adobe this week plans to issue an emergency security update for Adobe Reader and Acrobat to fix a number of critical flaws, including a zero-day vulnerability that is being exploited in the wild.

The out-of-band updates for Windows and Mac are expected to be released on Tuesday, while an update for UNIX is due on Nov. 30, Adobe said in a notification Friday.

The updates will address a critical, zero-day flaw that is being leveraged in attacks against Reader and Acrobat.

The flaw affects the authplay.dll component, a Flash interpreter, that ships Reader version 9 for Windows, Mac and UNIX and Acrobat 9 for Windows and Mac, Adobe said in an advisory. The vulnerability, disclosed in late October and already patched in Flash Player earlier this month, could cause a crash or allow an attacker to take control of an affected system.

The updates are also set to address a zero-day flaw in Reader that could permit the launch of denial-of-service attacks against affected computers, Adobe said. The vulnerability, complete with proof-of-concept code, was first revealed earlier this month on the Full Disclosure mailing list.

In addition, other critical vulnerabilities patched in Flash Player earlier this month also will be addressed in the Reader and Acrobat updates.

Meanwhile, the next scheduled quarterly security updates for Reader and Acrobat are expected on Feb. 8, 2011.