Adobe warns of new Reader, Flash holes

Adobe Systems issues security patches for new hole in Flash Player and says it will patch a new vulnerability in Reader next week.

Elinor Mills
Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.

Adobe Systems on Thursday warned of new critical holes in Reader and Flash Player, released a security update for the Flash hole, and said a patch for Reader would come next week.

Updates for the following software are coming on Tuesday, according to Adobe's prenotification security advisory:

  • Reader 9.3 for Windows, Mac, and Unix
  • Acrobat 9.3 for Windows and Mac
  • Reader 8.2 for Windows and Mac
  • Acrobat 8.2 for Windows and Mac

The Tuesday updates will also address the Flash issue, Adobe said.

Meanwhile, the company released a security update to fix a hole in Flash Player version (and earlier versions) that could "subvert the domain sandbox and make unauthorized cross-domain requests," according to a security bulletin.

Adobe recommends that users update to Flash Player and update to AIR version

The company also issued a security bulletin to resolve an important vulnerability in BlazeDS 3.2 and earlier, which also affects LiveCycle, Flex Data Services, and ColdFusion.