Adobe fixes 13 critical flaws in Reader, Acrobat

Adobe patched critical flaws in Adobe Reader X (10.1) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.2 and earlier versions for UNIX, and Acrobat X (10.1) and earlier versions for Windows and Macintosh, according to the security bulletin.

The company warned that the flaws “could cause the application to crash and potentially allow a remote attacker to take control of the system”.

Given the critical nature of the flaws, Adobe recommended that users “update their software installations” promptly.

Andrew Storms, director of security at nCircle, said that the “bad news” from the update is that most of the flaws “could result in the worst kind of security outcome – remote code execution.”

Adobe acknowledged a number of individuals and organizations for reporting the flaws: Paul Sabanal and Mark Yason from IBM X-Force Advanced Research, Zhenhua Liu of Fortinet's FortiGuard Labs, Vladimir Vorontsov of ONsec, binaryproof through TippingPoint's Zero Day Initiative, James Quirk of Los Alamos, an anonymous reporter via iDefense Labs, and Tavis Ormandy of the Google Security Team.

Last week, Adobe joined Microsoft, Apple, Mozilla, and others in revoking DigiNotar certificates. DigiNotar is the Dutch certificate authority that issued more than 500 bogus digital certificates in the name of major web properties, as well as intelligence services, such as the CIA, MI6, and Mossad.

 
