Adobe joined Microsoft's Patch Tuesday barrage this week with the release of a monster update to fix 29 documented security vulnerabilites in the Adobe Reader and Acrobat software products.
The vulnerabilities, rated "critical," patches code execution holes that can be exploited my malicious hackers to take complete control of an affected system. At least one of the vulnerabilities has already been exploited in the wild.
Critical vulnerabilities have been identified in Adobe Reader 9.1.3 and Acrobat 9.1.3, Adobe Reader 8.1.6 and Acrobat 8.1.6 for Windows, Macintosh and UNIX, and Adobe Reader 7.1.3 and Acrobat 7.1.3 for Windows and Macintosh. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system. This update represents the second quarterly security update for Adobe Reader and Acrobat.
Adobe recommends users of Adobe Reader 9.1.3 and Acrobat 9.1.3 and earlier versions update to Adobe Reader 9.2 and Acrobat 9.2. Adobe recommends users of Acrobat 8.1.6 and earlier versions update to Acrobat 8.1.7, and users of Acrobat 7.1.3 and earlier versions update to Acrobat 7.1.4. For Adobe Reader users who cannot update to Adobe Reader 9.2, Adobe has provided the Adobe Reader 8.1.7 and Adobe Reader 7.1.4 updates. Updates apply to all platforms: Windows, Macintosh and UNIX.
Affected software versions include Adobe Reader 9.1.3 and earlier versions for Windows, Macintosh, and UNIX; and Adobe Acrobat 9.1.3 and earlier versions for Windows and Macintosh.