Adobe Reader, Acrobat exploits get early fix

The latest versions of Adobe Reader and Acrobat have been patched ahead of schedule to protect users from security exploits being used in the wild

Adobe has issued an out of cycle security update for its Reader and Acrobat software to address critical flaws, one of which is already being used for attacks on users.

Security holes in Adobe's Acrobat and Reader versions 9.x were reported by the company on 4 June, at the same time as similar security concerns with its Flash Player, although that issue was patched within days.

On Tuesday, the company released a patch for its Reader and Acrobat products on the Windows, Mac and Linux platforms to address critical security concerns.

Adobe initially planned the software updates for 13 July, according to its normal schedule, but moved them forward.

"Note that the June 29, 2010 updates represent an accelerated release of the next quarterly security update originally scheduled for July 13, 2010. With this accelerated schedule, Adobe will not release additional updates for Adobe Reader and Acrobat on July 13, 2010," the company said in a blog post.

The release fixes the compromised authplay.dll component in the 9.x version of Reader and Acrobat that has been exploited in the wild, along with 16 other critical flaws that allow an attacker to execute malicious code, the company said. These include many memory corruption vulnerabilities and several invalid pointer bugs, among other types.

Versions 8.x of the Adobe Reader and Acrobat software were confirmed as "not vulnerable" to the attacks in the initial assessment.

The patches are available via the automatic update feature in Reader and Acrobat or via the security bulletin on Adobe's website.