Adobe has released an update for Acrobat and Reader that fixes two critical vulnerabilities that could cause crashes or allow hackers to gain control of an affected computer.
The fix involves an update for Acrobat and Reader 9.4.6 or older to 9.4.7, patching the holes in the software for Windows computers, but leaving the Mac and Unix versions still vulnerable.
Acrobat and Reader X have also not received a patch, primarily because Adobe believes there is no immediate risk from the vulnerability to computers with version 10.1.1 installed, due to Protected Mode and Protected View.
The company is still planning to address the problem for Acrobat and Reader X and the Mac and Unix older versions, but only in its next quarterly security update, currently scheduled for 10 January.
Adobe claims that Reader for Android and Flash Player are not affected by the vulnerabilities.
The security holes were found by Lockheed Martin CIRT, Mitre and members of the Defence Security Information Exchange, who identified two memory corruption vulnerabilities affecting the U3D and PRC components, which allowed for execution of code.
Security firm Sophos has reported incidents of spam emails with malicious PDF attachments that exploit these vulnerabilities, making it essential that users update their software as soon as possible.
The update will be automatically downloaded for those who have the setting enabled or it can be downloaded from the Adobe security web site.
Apple, Samsung, Google and others rush to go ever-higher upmarket is putting off potential customers
Laser tech can charge mobile phones from across a room
AMD's Zen chip roll-out continues with the focus on high-power embedded applications
And becomes the team's executive chairman to boot