Adobe has issued an update that addresses 18 vulnerabilities in Adobe Reader 9.3.2 and Acrobat 9.3.2.
Several of the security patches were listed as critical which means that the flaws could be used as a vector to take over a computer system via malicious exploits. The update wasn’t due until the 13th of July but reports surfaced of remote execution attacks having already appeared in the wild. The new updates apply to PC, Mac and Linux software.
Adobe has of late had difficulty in addressing a raft of vulnerabilities with period updates and has been previously forced to issue urgent out of cycle updates, most recently a Flash player issue on the 24th of this month – again following exploits of Flash Player 10.0.45.2 and earlier appearing on the web which forced the company to rush out a patch in five days.
The security of Adobe’s software is of paramount performance to any Internet-browsing computer system due to the way that both Reader and Flash are installed as plug-ins to the web browser and thus exposed to potential malicious attacks that may be present on web pages.
Adobe has also made changes to the Adobe Updater installed when users install any of the popular Adobe software but last month Kaspersky Lab researcher Roel Schouwenberg criticised the Updater as insufficient since the Updater merely downloads updates but doesn’t automatically apply them.
“If they are really serious about changing the threat landscape and making the product less vulnerable to attack then they need to enable automatic updates. There is simply no other way," said Schouwenberg.