JOINING Microsoft and Oracle, graphics design software maker Adobe has also rolled out its first Patch Tuesday for January addressing some critical bugs in Adobe Reader, Acrobat and Flash Player.
The Reader and Acrobat flaws impact both Windows and Mac OS X versions of the PDF handling software with a "Priority rating" of one, the firm's most serious rating.
"This update resolves vulnerabilities being targeted, or which have a higher risk of being targeted, by exploit(s) in the wild for a given product version and platform," Adobe said in its security bulletin summary. "Adobe recommends administrators install the update as soon as possible, for example, within 72 hours."
The patch, which includes updates to Reader version 11, Reader 10, Acrobat 11 and Acrobat 10 for both Windows and Mac, addresses vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. It also resolves memory corruption vulnerabilities that could lead to code executions outlined in bulletins CVE-2014-0493 and CVE-2014-0495, and a use-after-free vulnerability that could lead to code execution detailed in bulletin CVE-2014-0496.
The company has also released security updates for Adobe Flash Player 11.9.900.170 and earlier versions for Windows and Mac OS X and Adobe Flash Player 18.104.22.1682 and earlier versions for Linux.
Security experts have confirmed that the flaws should be patched as soon as possible.
"If you are responsible for one of the many millions of computers around the world running Adobe software, you need to make sure that the latest security updates are being installed," said security consultant Graham Cluley on his blog.
A Kaspersky lab security researcher added, "Given the severity of the vulnerabilities we recommend applying these patches as soon as possible." µ
It's time for our regular two-step through the Google news
Bug bounty offer: accepted