Adobe on Thursday patched a critical bug in Adobe Reader, its popular PDF viewer. Hackers have already begun exploiting the bug in malicious PDF files, Adobe confirmed.
According to "Computer World", Adobe owned up to a Flash Player flaw last week after an independent researcher found exploits in embedded Flash files within Microsoft Word and Excel files attached to emails. It was the second time in four weeks that Adobe had to acknowledge a Flash "zero-day," or unpatched vulnerability that hackers were exploiting. The Flash bug also existed in Adobe Reader and Acrobat, both of which include code that renders Flash content inserted into PDF files.
Adobe shipped a patched version of Flash Player on April 15. At that time, Adobe said it would fix Reader and Acrobat sometime during the week of April 25.
Since last week, attacks have appeared that exploit the bug in Reader and Acrobat, Adobe said on Thursday. "There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat," Adobe said in today's security advisory.
Today's Reader and Acrobat updates also patch a second critical vulnerability that Adobe said has not yet been exploited in the wild. The patched versions of Reader and Acrobat can be downloaded from Adobe's support site. Alternately, users can run the programs' integrated update tool or wait for the software to prompt them that a new version is available.
- 2