Adobe Issues Security Update for Reader, Acrobat
Adobe patches a pair of security vulnerabilities, including one being targeted by attackers.Adobe Systems released a patch today to plug a security hole affecting Adobe Reader that is on the radar of attackers. The update actually fixes two vulnerabilities, though only one is known to be under attack. That vulnerability-a flaw affecting Adobe Reader 9.4.1 and earlier 9.x versions for Windows, Unix and Mac OS X-had been targeted by attackers for the past few weeks. The problem is actually in Reader's authplay.dll component, which is used to render Flash content in PDF files. Adobe first warned users about the bug Oct. 28 and patched the vulnerability in Flash Player earlier this month.
The vulnerability, CVE-2010-3654, could be used to cause a crash and potentially allow an attacker to take control of the affected system, Adobe said in its advisory.