Patches address vulnerabilities in Acrobat and Reader

Adobe issues critical security updates

Adobe has issued an update that addresses 18 vulnerabilities in Adobe Reader 9.3.2 and Acrobat 9.3.2.

Several of the security patches were listed as critical which means that the flaws could be used as a vector to take over a computer system via malicious exploits. The update wasn’t due until the 13th of July but reports surfaced of remote execution attacks having already appeared in the wild. The new updates apply to PC, Mac and Linux software. 

Adobe has of late had difficulty in addressing a raft of vulnerabilities with period updates and has been previously forced to issue urgent out of cycle updates, most recently a Flash player issue on the 24th of this month – again following exploits of Flash Player and earlier appearing on the web which forced the company to rush out a patch in five days.

The security of Adobe’s software is of paramount performance to any Internet-browsing computer system due to the way that both Reader and Flash are installed as plug-ins to the web browser and thus exposed to potential malicious attacks that may be present on web pages.

Adobe has also made changes to the Adobe Updater installed when users install any of the popular Adobe software but last month Kaspersky Lab researcher Roel Schouwenberg criticised the Updater as insufficient since the Updater merely downloads updates but doesn’t automatically apply them.

“If they are really serious about changing the threat landscape and making the product less vulnerable to attack then they need to enable automatic updates. There is simply no other way," said Schouwenberg.

Check Also

Kyndryl and Elastic Partner on Data Observability, Search and Insights

Kyndryl and Elastic have expanded their global partnership to provide customers full-stack observability, enabling them …