Adobe fixes critical vulnerability in Acrobat and Reader as exploits begin

Adobe has released updates to Adobe Acrobat and Reader, fixing a critical vulnerability discovered last week in Adobe Flash 10.2. The vulnerability, which has since been fixed in a Flash update, could potentially allow an attacker to take control of a system by triggering a crash. Acrobat and Reader were also affected via authplay.dll, which is included in the products, as the vulnerability may be triggered by Flash content embedded in a PDF document. Another exploit, which has not been used in the wild, has also been patched. Adobe's patch comes a few days ahead of schedule.

The affected products are:

  • Adobe Reader X 10.0.1 and earlier versions for Windows
  • Adobe Reader X 10.0.2 and earlier versions for Mac OS X
  • Adobe Acrobat 10.0.2 and earlier versions for Windows and Mac OS X

Unaffected products are:

  • Adobe Reader 9.x for Unix
  • Adobe Reader for Android
  • Adobe Reader and Acrobat 8.x

According to Computerworld, a few in-the-wild cases of malicious PDFs containing the exploit have been spotted already. Documents containing the exploit are being circulated via emails purporting to come from New York Times editors. The emails claim to offer information about China, Russia, the Middle East, and the Obama administration. The culprits are believed to be from servers in Utah and China. The vulnerability's impact on Adobe Reader X for Windows is limited, as the Windows version has an exclusive Protected Mode that limits damage from exploit code.

The security advisory may be read here. Mac users may download the update here, and Windows users of Adobe Reader 9.x may download the update here. Please note that Windows users of Adobe Reader X will have to wait until the next quarterly update scheduled for mid-June, and thus cannot download an update for the time being.



Commenting is disabled on this article.

Even though Adobe Reader X has protected mode, it only stops the exploit, not fixing the core issue, hence the patch should be released ASAP. Earlier versions should either upgrade to a newer version or be forced to wait.

We need to find an alternative to Flash. Flash is one of the worst products by Adobe. As far as reader, I am glad to use Foxit reader.

Protected Mode prevents this exploit, hence the delayed update for Windows.

I wish they'd take the time to fix the scroll bar in the Adobe Reader X browser plugin. It doesn't move until one moves one's mouse over it. Very frustrating.

So that makes sense, Adobe: let's patch the legacy version first and make customers of your latest product wait an additional 2 months, while in the meantime they remain at risk to your security hole-ridden software. XPS and Silverlight are looking better and better every day.

For the Windows version of Adobe Reader X, just make sure you leave Protected Mode enabled. That is why they aren't rushing out a fix for it and keeping to their planned release schedule.

Adobe has released updates to Adobe Acrobat and Reader, fixing a critical vulnerability discovered last week in Adobe Flash 10.2.

It's 10.0.2, not 10.2

You've got your Windows and Mac links mixed up.

Anyway I'm glad they are patching version 9 because I really hate X.