Adobe issued the promised fixes for Reader and Acrobat within its self-imposed timetable, but ahead of its regularly planned quarterly update scheduled for October 12. The exploits affecting Adobe Reader and Acrobat were outlined by security researcher Charlie Miller at last month’s Black Hat conference in Las Vegas.
Adobe acknowledged the ‘critical’ flaw – which causes an integer overflow error in the way the PDF reader parses fonts – shortly after the findings were publicized, prompting the company to undertake the out-of-band fix.
The patch will update Adobe Reader 9.3.3 for Windows, Mac, and UNIX, in addition to Adobe Acrobat 9.3.3 for Windows and Mac. Also affected by the updates are Adobe Reader 8.2.3 and Adobe Acrobat 8.2.3, both for Windows and Mac.
An update was also included for Adobe Flash Player version 10.1.53.64 and earlier, which address critical vulnerabilities the company discussed in an August 10 security bulletin. These vulnerabilities could cause Flash Player to crash and allow a hacker to take control of a system.