Adobe has released an out-of-band security update for its Reader and Acrobat products for Windows, Mac OS and...
The emergency patches are for several critical security issues, including a zero-day vulnerability disclosed at the Black Hat USA 2010 security conference. The APSB10-17 release comes ahead of the next quarterly security update for the products, scheduled for 12 October.
"The vulnerability is critical and can be used to take control of the targeted computer and should be addressed as soon as possible," said Wolfgang Kandek, CTO at security firm Qualys, in a blog post.
The update will be made available for Reader 9.3.3 and earlier versions for Windows, Mac OS, Unix, and for Acrobat 9.3.3 and earlier versions for Windows and Mac OS. The patch also includes the update to Flash released last week.
Kandek said Google security engineer Tavis Ormandy discovered the vulnerability before the Black Hat presentation. "It is possible that vulnerabilities are discovered independently, both by security researchers and/or malware writers. Tipping Point's ZDI initiative would be in a position to publish statistics on how often they have such an overlap," he added.
Adobe also announced at the Black Hat conference that it is to join Microsoft's Active Protections Programme (Mapp) later this year.