The versions affected include Adobe Reader X (10.0.1) for Windows and Adobe Reader X (10.0.3) for Macintosh; Adobe Reader 9.4.3 and earlier versions for Windows and Macintosh; Adobe Acrobat X (10.0.3) for Windows and Macintosh; and Adobe Acrobat 9.4.2 and earlier versions for Windows and Macintosh.
“Adobe has some outstanding vulnerabilities they have been waiting to address until the next scheduled quarterly update,” commented Jason Miller, a data team manager at Shavlik Technologies.
Adobe has been busy patching flaws in its Reader, Acrobat, and Flash products. Earlier this week, the company patched a zero-day flaw, discovered in the wild, that could be used by an attacker to trick a user into clicking on a malicious link in an email.
Adobe said the flaw affects Adobe Flash Player 10.3.181.16 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.185.22 and earlier versions for Android.
In March, Adobe delivered an emergency fix for Flash, Reader, and Acrobat. The flaw had been exploited in the wild via targeted attacks using malicious Flash files embedded in Excel files and attached to emails.