Adobe Systems Inc. issued an update Tuesday, repairing nearly 30 flaws identified as critical, as part of its quarterly update. Adobe warned that one flaw is being actively targeted by attackers.
Adobe Reader 9.2 and Acrobat 9.2 fix vulnerabilities that if exploited by an attacker, could cause the application to crash or allow an attacker to run malicious code and gain access to critical system files.
The Adobe update fixes errors in Adobe Reader and Acrobat 9.1.3 and Acrobat 8.1.6 for Windows, Macintosh and UNIX. Security vendors have warned that malicious PDF files were targeting an unpatched heap overflow vulnerability.
According to the Adobe October Security Bulletin, the update resolves multiple heap-based buffer overflow conditions, memory corruption issues and input validation errors that could lead to code execution. An input validation issue specific to an ActiveX control could lead to a denial-of-service (DoS) attack, Adobe said.
The update fixes an error with a third party Web download product that Adobe Reader uses, which could be exploited by an attacker to escalate local privileges. A cross-site scripting (XSS) issue has also been addressed in a browser plugin for the Google Chrome and Opera browsers.