Critical Holes in Reader, Acrobat

Adobe will release Tuesday an update for Adobe Reader (9.5.1) and Acrobat (10.1.3) and earlier versions for Windows and Mac to fix critical security flaws.

The flaws are “critical,” meaning malicious native-code can execute without a user’s knowledge.

RELATED STORIES
Study: Users Slow on Browser Updates
Police Virus Malware Growing
One Attack Starts at Web Site
Beware of Internet Scammers

The pre-notification security advisory warning, APSB12-16, gives few details, except noting the affected software versions and the severity of the security flaws.
• Adobe Reader X (10.1.3) and earlier 10.x versions for Windows and Mac
• Adobe Reader 9.5.1 and earlier 9.x versions for Windows and Mac
• Adobe Acrobat X (10.1.3) and earlier 10.x versions for Windows and Mac
• Adobe Acrobat 9.5.1 and earlier 9.x versions for Windows and Mac

Out of the six versions of Adobe Reader and Adobe Acrobat, four have a priority rating of 2, signifying “a vulnerability that has historically been at elevated risk,” despite “no known exploits.”

However, both products have versions for Windows and Mac that are at rating 1, noting a vulnerability is “being targeted” or at a “higher risk of being targeted.” As users should install these updates within 72 hours of the security fix release.