Adobe Systems has issued an out-of-band security update to patch two critical vulnerabilities in Adobe PDF and Reader.
The update fixes a critical vulnerability in Adobe Reader and Acrobat versions 9.3 and 8.2 for Windows, Mac and Unix users that could be leveraged to subvert the domain sandbox and make unauthorized cross-domain requests. A second vulnerability could be exploited to cause the applications to crash and potentially allow an attacker to take control of a vulnerable system.
The patch appears to be related to an update issued last week for Adobe Flash Player. That update plugged a hole that could also be used to make cross-domain requests and, according to Adobe, affected Adobe Flash Player version 10.0.42.34 and earlier.
For more on Adobe’s approach to security, read eWEEK’s discussion with Brad Arkin, Adobe’s director of product security and privacy.