Adobe Systems Inc. issued a security update to its Adobe Acrobat and Reader PDF viewing software, repairing a serious PDF zero-day vulnerability being actively targeted by attackers since mid-December.
The latest Adobe update, issued Tuesday, repairs eight vulnerabilities in Adobe Reader 9.2 and Acrobat 9.2 for Windows, Macintosh and UNIX, and Adobe Reader 8.1.7 and Acrobat 8.1.7 for Windows and Macintosh.
"These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system," according to the Adobe security bulletin.
One of the errors, a remote code execution zero-day vulnerability in its multimedia.api, was discovered Dec. 15, but the software maker decided to delay issuing a patch to avoid negatively impacting the timing of its regularly scheduled quarterly security update. Since the discovery, several security researchers have discovered malware variants attempting to exploit the Adobe flaw in a series of email attacks containing malicious PDF attachments. The exploit targets Adobe Reader and Acrobat 9.2 on Windows platforms, Adobe said.
In addition, Adobe addressed a memory corruption vulnerability, a script injection error and a DLL-loading flaw that could allow arbitrary code execution.