Adobe on Tuesday released a security bulletin that includes fixes for 28 vulnerabilities in Adobe Reader and Acrobat, including a critical hole that has reportedly been exploited in the wild in limited attacks.
Affected software includes version 9.1.3 of Reader and Acrobat; Acrobat 8.1.6 for Windows, Macintosh, and Unix; and version 7.1.3 of Reader and Acrobat for Windows and Macintosh. The vulnerabilities could cause the applications to crash and could allow an attacker to take control of a user's computer.
Adobe recommends that people update to Adobe Reader 9.2 and Acrobat 9.2, or Acrobat 8.1.7 or Acrobat 7.1.4. For Adobe Reader users who cannot update to Adobe Reader 9.2, Adobe has provided the Adobe Reader 8.1.7 and Adobe Reader 7.1.4 updates.
"All users of Adobe Reader or Acrobat will need to update their software with today's release because these updates include fixes for the most critical kind of bugs," said Andrew Storms, director of security operations at nCircle.
This is Adobe's second quarterly security update for Adobe Reader and Acrobat.
Also, Microsoft issued a security advisory with a record number of bulletins, including the first fixes for critical holes in Windows 7.