Adobe closes 14 holes in Reader and Acrobat
Adobe has released new versions of Reader and Acrobat to close several critical security holes. Versions 10.x, 9.x and 8.x of both products for Windows, Linux and Mac are affected. Adobe recommends that Reader X and Acrobat X users update to version 10.1.1 as this version offers added protection under Windows through its sandbox. However, the vendor has also made Adobe Reader 9.4.6 and 8.3.1, as well as Adobe Acrobat 9.4.6 and 8.3.1, available to download. Adobe Reader 9.4.6 for UNIX is due to be released on 7 November.
As previously announced, version 10.x offers an updated Adobe Approved Trust List (AATL) from which Adobe has removed all DigiNotar certificates. The 9.x versions don't yet dynamically update the AATL; this feature is planned to be included in future versions. Until then, users are advised to manually delete the certificates – Adobe has released instructions on how to do so.
A previous update for an Adobe product had attracted criticism from security specialists who said that Adobe had tried to cover up the real number of holes it closed. Adobe had only mentioned 13 holes when describing a Flash Player update, but security specialist Tavis Ormandy, who works for Google, pointed out that more than 400 holes had been closed.