Adobe issues emergency fix for two critical flaws

Adobe has released an out-of-band patch for two software vulnerabilities in its Acrobat and Reader software.

Adobe has released a new version of its Acrobat and Reader software that fixes two software vulnerabilities that are being exploited in the wild.

The release closes two security holes reported by security researchers last week that affect versions nine, X and XI of Reader and Acrobat for Linux, Mac OS X and Windows.

The "critical" vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system.

Adobe said it has evidence of these flaws being exploited in the wild on Mac and Windows systems and recommended administrators install the update as "soon as possible". Adobe ranked the vulnerabilities as lower risk on Linux systems as there are currently no known exploits, recommending administrators update within 30 days.

More information on the holes, a memory corruption vulnerability (CVE-2013-0640) and a buffer overflow vulnerability (CVE-2013-0641), is available in Adobe's security advisory.

The emergency fixes follow two Flash Player zero-days that were being exploited by attackers in spear-phishing campaigns, and for which Adobe issued out-of-band fixes two weeks ago.