Adobe Systems patched 23 flaws in Reader and Acrobat today, including two the company warned about last month.
“Today’s updates resolve critical vulnerabilities in Adobe Reader 9.3.4 (and earlier versions) for Windows, Macintosh and UNIX, Adobe Acrobat 9.3.4 (and earlier versions) for Windows and Macintosh, and Adobe Reader 8.2.4 (and earlier versions) and Adobe Acrobat 8.2.4 (and earlier versions) for Windows and Macintosh,” according to Adobe.
“These vulnerabilities, including CVE-2010-2883 (referenced in Security Advisory APSA10-02) and CVE-2010-2884 (referenced in the Adobe Flash Player Security Bulletin APSB10-22), could cause the application to crash and could potentially allow an attacker to take control of the affected system,” the company added.
Just two of the vulnerabilities are known to be under attack in the wild. One is CVE-2010-2883, which the company first warned about Sept. 8. If exploited successfully, the flaw could allow an attacker to take control of a vulnerable system. Also under attack is CVE-2010-2884, which Adobe also warned about in September. However, attackers have not targeted that bug on Adobe Reader or Acrobat, just Adobe Flash Player, which has also been patched.