New Reader, Acrobat from Adobe fixed for 23 flaws

Adobe on Tuesday released updated versions of its flagship Reader and Acrobat products to close a whopping 23 vulnerabilities, including two publicly known issues.

The "critical" holes are plugged in Reader 9.4 for Windows, Macintosh and UNIX and Acrobat 9.4 for Windows and Mac. Users of Reader/Acrobat 8.2.4 are advised to upgrade to 8.2.5.

All but four of the flaws could lead to malicious code execution, according to an Adobe security bulletin.

The updates were due to be released Oct. 12, but were moved up a week because of active exploits targeting a zero-day vulnerability confirmed by Adobe last month. That unpatched flaw, which garnered vulnerability tracking firm Secunia's most severe rating of "extremely critical," could be targeted to crash a user's machine or take complete control of it, according to a previous advisory from Adobe.

Five days after that disclosure, Adobe revealed another unpatched bug affecting Reader and Acrobat. However, unlike the other zero-day, Adobe said it is not aware of any in-the-wild attacks targeting the vulnerability.

Both Reader and Acrobat contain mechanisms to update to the latest versions, Adobe said. As an alternative, users can follow the instructions contained in Tuesday's bulletin.

The next quarterly updates for Adobe Reader and Acrobat are due Feb. 8, 2011.
