Adobe Preps Reader, Acrobat Security Updates

Adobe Systems is releasing an out-of-cycle security patch to address flaws in Adobe Reader and Acrobat, including one that has been under attack.

Adobe Systems plans to release an out-of-bad security update next week to patch security vulnerabilities in Adobe Reader and Acrobat.

Among the fixes is a patch for an Adobe Flash Player flaw that impacts a component of Adobe Reader and Acrobat and has been the subject of attacks. According to Adobe, the issue - which was already patched in Flash Player - affects the authplay.dll component that ships with Adobe Reader 9.4 and earlier 9.x versions for Windows, Macintosh and UNIX operating systems, as well as Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh operating systems.

Also included will be a patch for a denial-of-service issue discovered in Reader, according to the company. Details of the flaw were posted last week on the Full Disclosure security mailing list. Adobe provided information about mitigations for the issue here.

The patches will be released Nov. 16. The update will be for versions 9.4 and earlier 9.x editions of Adobe Reader and Acrobat for Windows and Macintosh systems. An update for UNIX versions of its products is slated to come on Nov. 30, the company stated. The company's next quarterly patch is due on Feb. 8, 2011.

It has been a busy year for Adobe in the area of security. In the past several weeks, the company has issued updates to cover issues in Flash, Reader, Acrobat and Shockwave Player.