Acrobat, Adobe Reader & Flash updated for critical security fixes

In response to two critical vulnerabilities in Acrobat and Adobe Reader 9.3, yesterday Adobe released the 9.3.1 update for both applications; users of the older 8.x versions can update to 8.2.1 to resolve the security issues. One of the two vulnerabilities addressed would allow a malicious PDF to make unauthorized cross-domain requests; the other could crash the PDF application and possibly allow an attacker to gain access to other parts of the system.

The first flaw is related to a Flash Player issue that was revealed last week; if you have not updated Flash to the latest version (10.0.45.2 as of this moment, see your version & current versions here) & you aren't blocking Flash, you should go get the latest build right away. Although you can configure auto-update notifications in Flash Player, it's not clear if Mac OS X clients are consistently getting these reminders to update.

Even though Mac users are far less likely to be targeted by malware than our Windows-using friends and family, vigilance is still critical. Security analysis firm ScanSafe reported that it saw the percentage of exploits delivered via PDF files rise from 56% at the beginning of 2009 all the way up to 80% in the 4th quarter, so keeping those Adobe apps current -- or, better yet, using Apple's Preview app as the default PDF reader on Mac OS X -- is only prudent.