Adobe patches Reader, Acrobat and Flash
On Tuesday, Adobe Systems Inc. issued patches for a five-month old vulnerability in Reader and Acrobat 8.1.2, and today, six critical patches were released for Flash Player 9.
JavaScript vulnerabilities in older versions of Acrobat and Reader could allow remote code execution if not properly patched. This is the fifth update to Reader this year that addresses JavaScript issues. NCircle security expert Andrew Storms told Computerworld in June that Adobe's repeated JavaScript bugs amounted to an epidemic. "Since JavaScript has been a target for so many years, why hasn't Adobe flushed out these vulnerabilities already?" he questioned.
This morning, Adobe issued critical patches for its ubiquitous Flash Player (v. 9.0.124.0), addressing issues that could lead to DNS rebinding attack, HTML injection, or potential information disclosure. Adobe has a page that tells users which version of Flash they're using, to simplify the security update process.
With all of the patches, Adobe recommends that users upgrade to the latest software versions: Adobe Reader 9, Acrobat 9, and Flash 10.