Adobe patches ‘critical’ vulnerabilities for Reader


23 Aug 2010

Adobe has today fixed two separate vulnerabilities, both of which it labels ‘critical’, in an update for Adobe Reader.

One of the vulnerabilities was announced at a recent Black Hat event, but Adobe says it was already aware of the bug, which could potentially lead to remote code execution, having been informed of it by Google security engineer Tavis Ormandy.

These bugs, which could potentially be exploited by hackers, affect Adobe Reader 9.3.3 and earlier versions for Windows, Mac and UNIX, and Adobe Acrobat 9.3.3 and earlier versions for Windows and Mac.

“These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system,” said Adobe, adding that the updates further mitigate a social engineering attack that could lead to code execution.