Adobe plugs 23 holes in Reader, Acrobat

Several of the more than two dozen vulnerabilities fixed today have been exploited in attacks on computers.

Elinor Mills Former Staff Writer

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.

See full bio

Elinor Mills

Oct. 5, 2010 5:02 p.m. PT

As expected, Adobe released updates for Reader and Acrobat today that fix 23 holes in the popular PDF-viewing programs, including two that are actively being exploited in attacks that could allow someone to take control of the computer.

One of the critical vulnerabilities is being used in attacks against Reader and Acrobat; the other, fixed in an emergency update late last month, targets Flash Player.

The updates affect Adobe Reader 9.3.4 for Windows, Macintosh, and Unix; Adobe Acrobat 9.3.4 for Windows and Macintosh; and Adobe Reader 8.2.4 and Acrobat 8.2.4 for Windows and Macintosh to resolve issues in Reader, Acrobat, and Flash Player. Details are in the latest security advisory.

The next quarterly security updates for Adobe Reader and Acrobat are scheduled for February 8, 2011.