Adobe on Tuesday plans to release updates to its widely deployed Reader and Acrobat software to address a number of flaws, including a pair of known issues, the company announced Thursday.
Updates to the Reader 9.3.4 for Windows, Macintosh and UNIX and Acrobat 9.3.4 for Windows and Mac will close an undisclosed number of “critical” vulnerabilities. Reader and Acrobat 8.2.4 also will receive an upgrade.
The updates were due to be released Oct. 12, but moved up a week due to active exploits targeting a vulnerability confirmed by Adobe earlier this month.
That unpatched flaw, which garnered vulnerability tracking firm Secunia’s most severe rating, could be targeted to crash a user’s machine or take complete control of it, according to a previous advisory from Adobe.
Five days after that disclosure, Adobe revealed another unpatched bug affecting Reader and Acrobat. However, unlike the other zero-day, Adobe said it is not aware of any in-the-wild attacks targeting the vulnerability. The same hole also impacted Flash but was plugged in that software a week later.
Tuesday’s final security bulletin will be posted here.
As PDFs have become one of the most heavily targeted file types by cybercriminals, users are advised to treat all unsolicited PDF files with “extreme caution” and avoid visiting untrusted websites where their machines may be infected with exploits, according to security firm F-Secure.