Adobe has released an update for Acrobat and Reader that fixes two critical vulnerabilities that could cause crashes or allow hackers to gain control of an affected computer.
The fix involves an update for Acrobat and Reader 9.4.6 or older to 9.4.7, patching the holes in the software for Windows computers, but leaving the Mac and Unix versions still vulnerable.
Acrobat and Reader X have also not received a patch, primarily because Adobe believes there is no immediate risk from the vulnerability to computers with version 10.1.1 installed, due to Protected Mode and Protected View.
The company is still planning to address the problem for Acrobat and Reader X and the Mac and Unix older versions, but only in its next quarterly security update, currently scheduled for 10 January.
Adobe claims that Reader for Android and Flash Player are not affected by the vulnerabilities.
The security holes were found by Lockheed Martin CIRT, Mitre and members of the Defence Security Information Exchange, who identified two memory corruption vulnerabilities affecting the U3D and PRC components, which allowed for execution of code.
Security firm Sophos has reported incidents of spam emails with malicious PDF attachments that exploit these vulnerabilities, making it essential that users update their software as soon as possible.
The update will be automatically downloaded for those who have the setting enabled or it can be downloaded from the Adobe security web site.
Microsoft receives a 30 per cent cut of all purchases on the Xbox digital store
Credit card thieves used Apple ID accounts to buy and sell virtual currency for Clash of Clans and Clash Royale and Marvel Contest of Champions
$5.1bn fine further evidence that the EU is anti-US, claims Trump
New cable will connect Virginia to France