Adobe adds to out-of-band update

Adobe has said it will add updates for Flash Player to an out-of-cycle patch that will address a number of vulnerabilities in its software.

The company said on 5 August that it would patch flaws in Reader and Acrobat revealed by security researcher Charlie Miller at the Black Hat security conference in July.

Adobe updated its advisory on Tuesday to say it would release the patch on Thursday, and that it would also address problems in Flash Player. The flaws could cause Flash to crash and allow an attacker to take control of the affected system, according to an Adobe advisory.

Adobe aims to patch Flash Player 10.1.53.64 and earlier versions for Windows, Macintosh, Linux, and Solaris, as well as Adobe Air 2.0.2.12610 and earlier versions for Windows, Macintosh and Linux, said the company.

The flaws found in Adobe Reader and Acrobat could allow an attacker to remotely run malicious code on an affected system, according to Adobe. The integer overflow vulnerability is related to how the PDF-reading software parses fonts. The vulnerability has the CVE number CVE-2010-2862 in the NIST's National Vulnerability Database.

Adobe is planning to release updates for Adobe Reader 9.3.3 for Windows, Macintosh and Unix; Adobe Acrobat 9.3.3 for Windows and Macintosh; and Adobe Reader 8.2.3 and Acrobat 8.2.3 for Windows and Macintosh, said the company.

Adobe normally patches quarterly, with the next scheduled update due on 12 October.