Adobe has announced it will address several vulnerabilities in its Reader and Acrobat software in is next quarterly...
security update on 14 June.
All the vulnerabilities being patched are rated critical, said Adobe in its pre-notification Security Advisory.
Adobe defines critical vulnerabilities as those which would allow attackers to execute malicious code.
The patches will fix bugs in Adobe Reader X and Acrobat X as well as versions 9.4.3 and earlier for both Windows and Mac OS X, according to the pre-notification, but Adobe Reader for Android is not mentioned.
The update will address some long outstanding vulnerabilities, but Adobe has released a number of unscheduled patches in the past few months, including one just a few days ago for Flash Player to patch a zero-day cross-site scripting vulnerability.
The company noted the cross-site scripting flaw also affected the authplay.dll component in Reader and Acrobat. This particular issue is supposed to be fixed for Reader and Acrobat X and earlier 10.x and 9.x versions for both Windows and Mac OS X in the coming quarterly update.
In March and April, Adobe issued out-of-band updates for all versions except Reader and Acrobat X, to close security holes that allowed attackers to embed malicious Flash code into other documents.
The company delayed updates to these two applications to the scheduled quarterly update because their sandbox architecture prevented the rogue Flash files from executing, reducing the risk.
Summary: Affected software versions
Adobe Reader X (10.0.1) and earlier versions for Windows
Adobe Reader X (10.0.3) and earlier versions for Macintosh
Adobe Reader 9.4.3 and earlier versions for Windows and Macintosh
Adobe Acrobat X (10.0.3) and earlier versions for Windows and Macintosh
Adobe Acrobat 9.4.3 and earlier versions for Windows and Macintosh