Adobe blocks vulnerabilities in Reader, Flash Player

A fix for Flash Player on Android smartphones is due out Nov. 9.

With a new potential vulnerability announced for Adobe Reader and a new security update to help fix a serious flaw in Adobe Flash Player, last weekend was a busy time for Adobe Systems Inc.

Adobe Reader
The company said it is investigating the publication of a proof-of-concept code demonstrating a denial of service (DoS) attack targeting a zero-day vulnerability in Adobe Reader. The company said it has detected no incidents of the code being used by attackers.

In the meantime, Adobe is recommending users enable the JavaScript Blacklist Framework to prevent attackers from targeting the flaw. The framework was introduced in versions 9.2 and 8.1.7. It allows users to block certain vulnerable APIs without disabling JavaScript altogether.

The framework can be applied to Adobe Reader 9.2 and later, and Adobe Read 8.1.7 and later. Detailed instructions for how to make the changes, for both Windows and Mac systems, are available on the Adobe PSIRT blog.

Adobe Flash Player
Adobe has issued Adobe Flash Player, fixing 18 critical vulnerabilities in Adobe Flash Player and earlier versions for Windows, Macintosh, Linux and Solaris. The vulnerabilities could cause the application to crash and allow an attacker to execute code to take control of an affected system.

A vulnerability in Adobe Flash Player for Android operating systems will be fixed with an update due to be released Nov. 9.

Read more on Hackers and cybercrime prevention