Adobe's security teams continue to stay very busy in 2011.
This week, Adobe provided a pair of updates for its Acrobat and Reader platforms, for flaws that were first publicly reported on April 11. Those flaws also included vulnerabilities in Adobe's Flash Player, which Adobe fixed on April 15.
The new Adobe Reader 9.4.4 and Adobe Acrobat X 10.0.3 updates delivered this week on Thursday, provide the final elements of the fix.
"A critical vulnerability exists in Flash Player 10.2.153.1 and earlier versions for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 10.2.156.12 and earlier versions for Android, and the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems," Adobe warned in its April 11th advisory.https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=i
The flaws could have enabled an attacker to crash and take control of a vulnerable computer. Adobe also warned that it was aware of reports that the vulnerabilities were being actively exploited in the wild.
The attacks were coming by way of a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file delivered in an email attachment.
The Adobe Reader and Acrobat updates came outside of the normal cycle of patch updates from Adobe. The next quarterly security update from Adobe is currently scheduled for June 14th.