Adobe released more than a dozen security patches that fix vulnerabilities in both Reader and Acrobat as part of the company’s regular quarterly update. Adobe also updated its list of trusted certificate authorities in the wake of the DigiNotar breach.
Adobe issued a total of 13 patches addressing critical security issues on Sept. 13. The flaws were identified in Adobe Reader X (10.1) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.2 and earlier for UNIX and Acrobat X (10.1) for Windows and Macintosh, according to the the security bulletin. The vulnerabilities could cause the application to crash and potentially allow a remote attacker to take control of the system.
"The bad news is that most of them could result in the worst kind of security outcome - remote code execution," said Andrew Storms, director of security at nCircle. The update was "a 'classic' Adobe patch" in that there was "very little information" about the bugs being fixed in the patch, Storms added.