Adobe slates critical Reader security update for Tuesday

Adobe logo and products reflected in displays.
Credit: Reuters / Dado Ruvic

Will patch both Reader and Acrobat, but will not fix Flash this month, a first for 2014

Adobe yesterday said it would issue security updates next week for its PDF viewer, Reader, and for its PDF creator, Acrobat, to fix critical flaws in the software on Windows and Apple's OS X.

But it won't be updating Flash Player, its ultra-popular media playing program. If that holds through the end of the month -- if Adobe does not have to issue an "out-of-cycle," or emergency, patch -- it would be a first for 2014.

The San Jose-based company has taken to mimicking Microsoft in both delivering security updates on the second Tuesday of each month -- what most call "Patch Tuesday," but which Microsoft prefers to dub "Update Tuesday" -- and issuing advance notifications of those updates on the prior Thursday.

Adobe Reader 10 and 11 will be patched on Windows and OS X, Adobe said, as will Acrobat 10 and 11.

The updates will be marked critical, Adobe's highest threat ranking, which indicates that the vulnerabilities, if successfully exploited by cybercriminals, could be used to hijack a personal computer and inject malware into the machine.

Adobe relies on the same four-step threat rating system that Microsoft created, which runs from critical and important to moderate and low. Although Adobe did not disclose details of the upcoming updates -- again, hewing to Microsoft's practice -- it assigned "Priority 1" to the patches.

"This update resolves vulnerabilities being targeted, or which have a higher risk of being targeted, by exploit(s) in the wild," Adobe states on a page that defines priority levels. "Adobe recommends administrators install the update as soon as possible (for example, within 72 hours)."

Adobe last patched Reader and Acrobat on Aug. 12. The company has fixed flaws in the programs three different times this year.

Adobe Flash Player, which is more widely installed and used than Reader, will not be patched next week. Since the start of 2014, Adobe has released 10 security updates for the frequently-targeted Flash Player, with at least one each month.

The Reader and Acrobat updates will ship on Sept. 9, the same day Microsoft will issue four security updates for Windows, Internet Explorer, .Net Framework and Lync Server.

Join the discussion
Be the first to comment on this article. Our Commenting Policies