Adobe closes numerous critical holes in Reader and Acrobat.
Adobe has released updates for its Flash and Shockwave Players, and Reader and Acrobat PDF viewers, addressing multiple vulnerabilities. All of these security updates are rated as critical by the company as they could be exploited by a remote attacker to take control of a victim’s system and execute malicious code.
The updates for Reader and Acrobat X close a total of 20 security holes. These include stack and heap buffer overflows, and a number of memory corruption vulnerabilities, and could result in remote code execution. Reader and Acrobat X 10.1.3 and earlier, and versions 9.5.1 and earlier of Acrobat and Reader 9.x for Windows and Mac OS X are vulnerable; all users are advised to upgrade to versions 9.5.2 or 10.1.4. Adobe says that updating Windows Reader and Acrobat 9.5.1 or earlier is priority 1 issue; this suggests that there are attacks using the vulnerabilities already taking place and users should update within 72 hours.