Adobe said the vulnerabilities were identified in Adobe Reader 9.4 and earlier versions for Windows, Macintosh, and UNIX, and Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh. Adobe Reader for Android is not affect by the vulnerabilities addressed in this update.
The company said that the security updates address CVE-2010-3654 noted in Security Advisory APSA10-05 and CVE-2010-4091 referenced in the Adobe blog (Potential issue in Adobe Reader), as well as an Adobe Flash Player vulnerability noted in Security Bulletin APSB10-26.
Adobe recommends users of Adobe Reader 9.4 and earlier versions for Windows and Macintosh update to Adobe Reader 9.4.1, available now. Adobe recommends users of Adobe Reader 9.4 and earlier versions for UNIX update to Adobe Reader 9.4.1, expected to be available on November 30, 2010. Adobe recommends users of Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh update to Adobe Acrobat 9.4.1.
Adobe said it has received reports that there are exploits in the wild against Adobe Reader and Acrobat 9.x for CVE-2010-3654. The company said it is working with partners in the security community to enable them to develop detection and quarantine methods to protect them until the updates are installed on their systems.
The next quarterly security updates for Adobe Reader and Acrobat are scheduled for February 8, 2011.