12 Feb 2010, Cath Everett, V3
Barely a month after Adobe issued a fix to mend a critical flaw in its Reader and Acrobat products, the company has been forced to rush out another owing to a serious bug in its Flash Player, which received a patch yesterday.
Adobe said in a security bulletin that the vulnerability, identified in Adobe Flash Player version 10.0.42.34 and earlier, could be used by attackers to trick a web browser into executing code remotely.
This means that the browser could make an unauthorised cross-domain request and directly install unauthorised software onto users' machines. Such flaws are commonly exploited by malware writers.
The Reader and Acrobat patches are due next Tuesday, as the products are also susceptible to the Flash Player flaw. Adobe usually issues security updates for its software on a quarterly basis.
But the problem is that hackers could understand the nature of the Reader and Acrobat bugs by examining the Flash Player patch and use the information to attack them, although Adobe said that it was not aware of any such activity to date.
Users concerned about the Flash Player flaw being exploited could mitigate the threat by opening documents outside their browser, the company added.
Adobe issued a critical security update addressing eight vulnerabilities in its Reader and Acrobat 9.2 builds for Mac, Windows and Unix in mid-January. Six of the vulnerabilities, if exploited, would also enable attackers to undertake remote code execution on targeted systems.
The security of Adobe's software has come under greater scrutiny over the past year as attackers have increasingly exploited such vulnerabilities to hack into computers.