Adobe today released eight security patches for Acrobat and Reader that address vulnerabilities which could allow attackers access to computers should a user open a malicious PDF file.
The updates are categorised as priority one, meaning Adobe considers them critical. One flaw on Windows that is being plugged allows for a sandbox bypass, which in turn can be used to elevate attackers' privileges.
On OS X, two memory corruption issues are being fixed along with a universal cross-scripting vulnerability.
A use-after-free flaw and potential denial-of-service vulnerabilities are also being addressed by the latest batch of patches.
The updates were originally scheduled to be released last week but were delayed due to issues with regression testing, which saw Adobe release just an updated Flash Player.
Patches are provided for Windows and Macintosh running versions:
- Adobe Reader XI (11.0.08) and earlier 11.x versions for Windows
- Adobe Reader XI (11.0.07) and earlier 11.x versions for Macintosh
- Adobe Reader X (10.1.11) and earlier 10.x versions for Windows
- Adobe Reader X (10.1.10) and earlier 10.x versions for Macintosh
- Adobe Acrobat XI (11.0.08) and earlier 11.x versions for Windows
- Adobe Acrobat XI (11.0.07) and earlier 11.x versions for Macintosh
- Adobe Acrobat X (10.1.11) and earlier 10.x versions for Windows
- Adobe Acrobat X (10.1.10) and earlier 10.x versions for Macintosh
Adobe recommends users update their product installations to the latest versions:
