Adobe patches Flash and zero-day Acrobat bugs

A flaw in Adobe Acrobat and Reader for Windows is being exploited in the wild. Critical vulnerabilities affect all versions of Flash Player.

Adobe has released updates to fix seven vulnerabilities in Flash Player and one vulnerability in Adobe Reader and Acrobat which, the company says, is being exploited in the wild " limited, isolated attacks targeting Adobe Reader users on Windows." The OS X versions of Acrobat and Reader are not affected.

Users may update Acrobat and Reader with the Help > Check for Updates menu option. Flash Player users may download the latest version from Adobe at this page. Users of Internet Explorer on Windows 8 and above and of Google Chrome will receive browser updates from those companies with fixed versions of their integrated Flash Player.

The lone vulnerability in Acrobat and Reader for Windows could allow an attacker to circumvent sandbox protection. Users of Adobe Reader 11.x for Windows should update to version 11.0.08. Users of Adobe Reader 10.x for Windows should update to version 10.1.11.

The vulnerability was reported to Adobe by Costin Raiu and Vitaly Kamluk of Kaspersky Labs. In a blog entry, Raiu says that the attacks are very rare, but that it's still important for everyone to patch as soon as possible.

The seven vulnerabilities in Flash affect version and earlier for both Mac and Windows, including the versions integrated into Chrome and IE. The new version will be in most cases. Google Chrome users will get and the NPAPI plugin for Firefox will be version

Flash Player and earlier versions for Linux are vulnerable and users should update to

As is always the case with Flash updates, Adobe AIR and the AIR SDK are also updated.