The announcement brings patch updates for both Reader and Acrobat; Flash Player received a patch earlier in the month. Adobe recommends all users running Reader or Acrobat 9 or later update to 9.4.1, while users running Flash Player 10.1.85.3 are encouraged to update to 10.1.102.64.
The issue is described by Adobe as a “critical vulnerability [that] could cause a crash and potentially allow an attacker to take control of the affected system.” It was first highlighted in late October; subsequently, the company has been rolling out patches for each of its affected programs. According to Adobe, attacks exploiting this issue have so far only been leveraged against Reader and Acrobat (version 9 or later), but Flash Player and Adobe AIR are equally vulnerable.
To install the Reader and Acrobat patches, users can run Adobe’s built-in updater by going to the programs’ Help menu and selecting Check for Updates. Alternatively, the patches are available directly from Adobe’s website for Reader and Acrobat; the latest Flash Player version can be only be installed from Adobe’s website.