Adobe Matches Microsoft with Massive Patch Update

On the same day Microsoft unloaded a record-breaking 34 fixes, eight of which were listed as critical, Adobe has made a similar gargantuan patch offering. The company, best known for its Reader and Acrobat software, yesterday fixed a total of 29 vulnerabilities, including one labeled critical.

That software covered by the fixes includes version 9.1.3 of both Acrobat and Reader, version 8.1.6 of Acrobat for Windows, Mac, and Unix, and version 7.1.3 of Acrobat and Reader for Windows and Mac. Adobe encourages everyone using its programs to download the update, warning users that if they fail to do so the vulnerabilities could lead to application crashes. In the worst case scenario, the holes could even allow a remote hacker to take control of a computer.

Patch Corrals "Protux" Trojan Horse

Adobe encourages all users of its programs to update to Adobe Reader 9.2. Users of this program whose systems can't make the jump to 9.2 are encouraged to seek out a special version called Adobe Reader 8.1.7 or 7.1.4. Acrobat users should try to get their hands on 9.2, or at the very least version 8.1.7 or 7.1.4.

The most concerning of the vulnerabilities is one that security firm Trend Micro says has already been exploited by hackers. According to Trend Micro, a vulnerability affecting Microsoft Windows 98, ME, NT, 2000, XP, and Server 2003 has already allowed a hacker to use a Trojan horse via PDF file to upload malicious JavaScript. Called "Protux," the Trojan has been used in the past to attack users of Microsoft's Office suite. (Source: computerworld.com)

"Critical bugs," Says Security Expert

Vulnerability management company nCircle is right behind Adobe in recommending users update their systems immediately. "All users of Adobe Reader or Acrobat will need to update their software with today's release because these updates include fixes for the most critical kind of bugs," said nCircle's director of security operations, Andrew Storms. (Source: cnet.com)

A total of four of the bugs addressed by Adobe in the update are exploitable, meaning the Trojan issue might not even be the gravest problem facing Acrobat and Reader users. According to Computerworld, thus far Adobe has admitted that 13 of the 29 patches "could potentially lead to arbitrary code execution," meaning a hacker could take over your system.