Adobe issued critical updates Tuesday for its Reader and Acrobat PDF software packages.
Mac and Windows users of Adobe Reader XI (11.0.08) and earlier versions should update to version 11.0.09. Adobe Reader X (10.1.11) users who can’t upgrade can get a patched version of the earlier release, version 10.1.12.
Users of Adobe Acrobat XI (11.0.08) and earlier versions should update to version 11.0.09.
Applying the patches will involve a system restart.
Adobe’s advisory said the software patches eight vulnerabilities, five of which could lead to code execution. The remaining three bugs involve a sandbox bypass vulnerability, a crashing (denial of service) risk and a cross-site scripting flaw.
With the level of sophistication it takes to put together patches, that is why Adobe delayed by seven days Reader and Acrobat patches, original scheduled for September 10.
Adobe’s official explanation was that the Reader and Acrobat patches were “delayed to address issues identified during regression testing,” which could mean the original version of the patches introduced new faults.