Adobe Systems Inc. issued a massive update Tuesday, repairing nearly two dozen vulnerabilities in its Reader and Acrobat software, including a zero-day flaw that attackers are targeting in the wild.
The Adobe fix
The critical flaw enables an attacker to remotely cause Flash Player to crash and execute malicious code to take control of a victim's machine. The Flash Player hole surfaced in September when exploits were made widely available.
In addition, 22 other vulnerabilities were repaired with Tuesday's release. Adobe also fixed a second critical vulnerability, which affects Flash, Reader and Acrobat and could be used by an attacker to crash the applications and gain control of a victim's machine. Adobe said it was unaware of any active attacks targeting that hole.
Adobe urges users of Adobe Reader and Acrobat 9.3.4 and earlier, or Adobe Reader and Acrobat 8.2.4 and earlier, for Windows and Macintosh to upgrade to the latest versions. Adobe Reader and Acrobat for UNIX systems are also affected by the update.
Adobe said the next quarterly security updates for Adobe Reader and Acrobat are scheduled for Feb. 8, 2011.