News Stay informed about the latest enterprise technology news and product updates.

Adobe issues emergency update, repairs critical Reader flaw

Adobe said a critical vulnerability could cause the application to crash and potentially allow an attacker to install malware and take control of the affected system.

Adobe Systems Inc. issued an emergency update to its Acrobat and Reader applications, repairing two critical vulnerabilities...

that could be used by attackers to crash the program and take control of an affected system.

In a security bulletin issued Tuesday, Adobe said the vulnerabilities affected Adobe Reader 9.3 for Windows, Macintosh and UNIX, Adobe Acrobat 9.3 for Windows and Macintosh, Adobe Reader 8.2 and Acrobat 8.2 for Windows and Macintosh. Adobe urges users to update to versions 9.3.1 or 8.2.1.

Flash Player update:
Adobe issued an out-of-band fix, repairing a critical security vulnerability in Flash Player. The update affects Flash Player versions and earlier, as well as Adobe AIR versions and earlier. According to Adobe, the Flash flaw could enable an attacker to bypass restrictions and make anonymous requests to malicious third-party sites, poisoning Flash ads and videos.

Adobe addressed an issue with Flash Player that enables an attacker to bypass process sandboxing within Reader and Acrobat to make anonymous requests to third-party websites. Adobe said the flaw is critical. The flaw enables an attacker to redirect components within embedded flash in PDF files to malicious webpages, either causing the Flash Player to display unauthorized material or trick the victim into downloading malware.

A second critical vulnerability causes the application to crash and could enable an attacker to execute code remotely and install malware, taking over a victim's machine. No details on the vulnerability are currently available. It was credited to the Microsoft Vulnerability Research Program (MSVR). MSVR is Microsoft's responsible disclosure program for reporting vulnerabilities that its engineers discover in third-party applications running on Windows.

Danish vulnerability clearinghouse Secunia gave the update a highly critical rating.

Adobe issued a critical update to its Flash Player last week, repairing the same sandboxing bypass vulnerability in Flash Player versions and earlier, as well as Adobe AIR versions and earlier.

- Robert Westervelt

Dig Deeper on Productivity apps and messaging security

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.