Critical Adobe Reader, Acrobat update due today

A critical, out-of-cycle patch is set to repair a serious flash vulnerability in the software that is being actively targeted by attackers.

Adobe Systems Inc. is set to release an out-of-cycle update to its popular Flash Player for Adobe Reader and Adobe...

Acrobat software, today, fixing a critical flaw that could give malicious hackers control of victims' machines.

The flaw exists in Adobe Flash Player and earlier versions running on all operating systems. Adobe corrected the flaw in Flash for Windows, Macintosh and Linux on June 10. Brad Arkin, director of product security and privacy at Adobe said the issue would be addressed in Adobe Reader and Acrobat 9.3.2 for Windows, Macintosh and UNIX by June 29.

"The accelerated next quarterly Adobe Reader and Acrobat update will also resolve a number of responsibly disclosed vulnerabilities," Arkin wrote in a blog entry outlining the rushed patch schedule. Today's release was scheduled for July 13.

A memory corruption error within a component of the player can crash, allowing an attacker to execute code remotely and take control of a victim's computer.

Adobe's widely used software is being targeted more often by attackers. The attacks have forced the software vendor to focus on secure software development. Despite the use of a number of different dynamic and static analysis tools to test for errors, malicious hackers continue to find zero-day vulnerabilities in the software.

The Flash vulnerability surfaced earlier this month with reports that attackers were actively targeting the vulnerability. Attackers trick users into clicking on SWF files or embed the SWF files directly into Adobe Reader and Acrobat files.

~ Robert Westervelt

Dig Deeper on Securing Productivity Applications



Find more PRO+ content and other member only offers, here.



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: