Adobe slips out major security update

Adobe has fixed a zero-day flaw that was already being exploited

Adobe has released a huge patch to fix flaws in Reader and Acrobat. The company said in a security advisory that the patches cover heap, integer and buffer overflow vulnerabilities, as well as memory corruption issues that could be used in a denial-of-service attack.

The patches are for Adobe Reader 9.1.3 and Acrobat 9.1.3; Adobe Reader 8.1.6 and Acrobat 8.1.6 for Windows, Macintosh and Unix; and Adobe Reader 7.1.3 and Acrobat 7.1.3 for Windows and Macintosh.

Adobe has also included a fix for a zero-day flaw that was being exploited by malware writers.

"Adobe may be catching up with Microsoft in terms of flaws in its software, but they could tear a few pages from Microsoft's playbook on how to cope," said Chester Wisniewski, senior security advisor at Sophos, in a blog post.

"Microsoft has taken security much more seriously in the last year and a half, and it shows. They are embracing the community's demands about openness and reliability, delivering updates to IT departments in a predictable way."