Adobe has announced that critical vulnerabilities exist in Adobe Reader 9.3 for Windows, Mac and UNIX, Adobe Acrobat 9.3 for Windows, Mac, and Adobe Reader 8.2 and Acrobat 8.2 for Windows and Mac. Adobe users should immediately update to Adobe Acrobat 9.3.1 and Adobe Reader 9.3.1. An additional security flaw has been identified in Adobe Flash Player version 10.0.42.34 and earlier. Adobe Flash Player users should update to Adobe Flash Player 10.0.45.2. Adobe AIR users version 184.108.40.20620 and earlier versions need to update to Adobe AIR 220.127.116.1130.
Adobe Reader and Acrobat Security Flaws
There were two critical security vulnerabilities in Adobe Reader and Acrobat, reference number CVE-2010-0186. The first vulnerability identified is cross-posting or cross-domain request. A malicious attacker injects a script into web pages viewed by a computer user. In the Adobe vulnerability case, an attacker uses a malicious PDF to execute a request and gain access to other parts of the system. A second vulnerability found causes systems to crash. Attackers could gain access to the machine to install malware and other malicious files.
Adobe Flash Player Vulnerability
According to Adobe.com, Adobe Flash Player vulnerability (reference number CVE-2010-0186) could subvert the domain sandbox and make unauthorized cross-domain requests. It is important to note that Adobe Flash Player only has the cross-domain request vulnerability. The security flaw is still critical enough to require an immediate upgrade to a secure version.
How to Upgrade Adobe Products
Users of Adobe Flash Player 10.0.42.34 and earlier versions can upgrade to the newest version 10.0.45.2 by going to Adobe Flash Player Download Center.
Users of Adobe AIR version 18.104.22.16820 and earlier can update to the newest version 22.214.171.12430 through Adobe AIR Download Center.
Users of Adobe Reader 9.3 and earlier versions for Windows, Macintosh, and UNIX, as well as Adobe Acrobat 9.3 and earlier versions for Windows and Macintosh can update through Adobe Download Center.
An alternative method is to open up each of the Adobe programs affected and utilize automated-update features. Click on “Help” and select “Check for Updates.” The automated-update script will upgrade the program to the latest and secure version. You will need to repeat this with every Adobe program you are trying to update.
Protect your computer further by running an anti-virus and anti-spyware programs at all times.
Acrobat, Adobe Reader & Flash updated for critical security fixes
Adobe Download Center
Report: Malicious PDF files comprised 80 percent of all exploits for 2009
Adobe plugs Reader and Acrobat security holes
Security updates available for Adobe Reader and Acrobat
Security update available for Adobe Flash Player