Adobe fixes 28 holes in Reader and Acrobat

Adobe's second quarterly update for Reader and Acrobat plugs 28 holes, including one that is being exploited in attacks.

Adobe on Tuesday released a security bulletin that includes fixes for 28 vulnerabilities in Adobe Reader and Acrobat, including a critical hole that has reportedly been exploited in the wild in limited attacks.

Affected software includes version 9.1.3 of Reader and Acrobat; Acrobat 8.1.6 for Windows, Macintosh, and Unix; and version 7.1.3 of Reader and Acrobat for Windows and Macintosh. The vulnerabilities could cause the applications to crash and could allow an attacker to take control of a user's computer.

Adobe recommends that people update to Adobe Reader 9.2 and Acrobat 9.2, or Acrobat 8.1.7 or Acrobat 7.1.4. For Adobe Reader users who cannot update to Adobe Reader 9.2, Adobe has provided the Adobe Reader 8.1.7 and Adobe Reader 7.1.4 updates.

One of the updates addresses a hole that Trend Micro says has been exploited by a Trojan horse that arrives as a PDF file containing malicious JavaScript. That exploit affects Microsoft Windows 98, ME, NT, 2000, XP, and Server 2003, according to Trend Micro.

"All users of Adobe Reader or Acrobat will need to update their software with today's release because these updates include fixes for the most critical kind of bugs," said Andrew Storms, director of security operations at nCircle.

This is Adobe's second quarterly security update for Adobe Reader and Acrobat.

Also on Tuesday , Microsoft issued a security advisory with a record number of bulletins, including the first fixes for critical holes in Windows 7.

 

Join the discussion

Conversation powered by Livefyre

Don't Miss
Hot Products
Trending on CNET

HOT ON CNET

Love heavy and clunky tablets?

Said no one ever. CNET brings you the lightest and thinnest tablets on the market.