Adobe warns of new Reader, Flash holes

Adobe Systems issues security patches for new hole in Flash Player and says it will patch a new vulnerability in Reader next week.

Elinor Mills Former Staff Writer

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.

See full bio

Elinor Mills

Feb. 11, 2010 2:44 p.m. PT

Adobe Systems on Thursday warned of new critical holes in Reader and Flash Player, released a security update for the Flash hole, and said a patch for Reader would come next week.

Updates for the following software are coming on Tuesday, according to Adobe's prenotification security advisory:

Reader 9.3 for Windows, Mac, and Unix
Acrobat 9.3 for Windows and Mac
Reader 8.2 for Windows and Mac
Acrobat 8.2 for Windows and Mac

The Tuesday updates will also address the Flash issue, Adobe said.

Meanwhile, the company released a security update to fix a hole in Flash Player version 10.0.42.43 (and earlier versions) that could "subvert the domain sandbox and make unauthorized cross-domain requests," according to a security bulletin.

Adobe recommends that users update to Flash Player 10.0.45.2 and update to AIR version 1.5.3.1930.

The company also issued a security bulletin to resolve an important vulnerability in BlazeDS 3.2 and earlier, which also affects LiveCycle, Flex Data Services, and ColdFusion.