Adobe joined the Patch Tuesday barrage late yesterday, dropping fixes for a pair of code execution holes affecting its Adobe Reader and Acrobat products.
[ SEE: Exploit posted for brand-new Adobe PDF zero-day ]
The critical update (APSB09-06) addresses a publicly known vulnerability that was being exploited with booby-trapped PDF files.
From Adobe's bulletin:
A critical vulnerability has been identified in Adobe Reader 9.1 and Acrobat 9.1 and earlier versions. This vulnerability (CVE-2009-1492) would cause the application to crash and could potentially allow an attacker to take control of the affected system. A second vulnerability has also been reported that appears to affect Adobe Reader for UNIX only (CVE-2009-1493). These issues are remotely exploitable.
Adobe recommends users of Acrobat and Adobe Reader update their product installations to versions 9.1.1, 8.1.5, or 7.1.2 using the instructions above to protect themselves from potential vulnerabilities.
Mac users will have to wait a while longer for this fix:
Adobe expects to make available Adobe Reader 7 and Acrobat 7 updates for Macintosh before the end of June.
Yesterday was quite a banner day for security patches. First, Microsoft dropped a major PowerPoint update to correct 14 documented security flaws and, later in the day, Adobe shipped fixes for a whopping 67 vulnerabilities affecting Mac OS X and Safari.