Adobe Systems is patching vulnerabilities impacting Adobe Reader and Acrobat to fend off attackers.
Adobe is issuing the updates Oct. 5, a week ahead of its regular schedule. The first of the updates addresses a problem in Adobe Flash Player that also affects Reader versions 9.3.4 and earlier on Windows, Mac and Unix systems and Adobe Acrobat 9.3.4 and earlier for Windows and Macs.
Adobe patched the flaw on Flash Player earlier in September as attacker began to actively exploit the vulnerability in the wild.
The company has plans to update Adobe Reader and Acrobat to fix a separate vulnerability that it first issued an advisory about Sept. 8. The issue is caused by a boundary error within the font parsing in CoolType.dll and can be exploited to cause a stack-based buffer overflow by tricking a user into opening a specially crafted PDF file.
That vulnerability-which affects Adobe Reader versions 9.3.4 and earlier for Windows, Macintosh and Unix-could cause a crash and potentially allow an attacker to take control of a vulnerable system. The vulnerability also affects Acrobat 9.3.4 and earlier for Windows and Macs, and is being exploited in the wild. For mitigation, Microsoft and Adobe have suggested using Microsoft’s Enhanced Mitigation Experience Toolkit 2.0.