Adobe Inc. said on Friday that it is planning to release an out-of-cycle update to fix critical security holes in its Reader and Acrobat products, including a fix for a newly disclosed hole that is already being exploited in the wild.
In a post on the company’s Product Security Incident Response Team (PSIRT) blog, Adobe said the security patches are scheduled for release on Tuesday, November 16 and will fix both the Flash flaw that was discovered in late October when it began to be exploited in attacks on the company’s Reader application.
Adobe said on November 2 that it would accelerate its typical quarterly patch to address the Flash problem, in particular, and issued a temporary patch for Flash Player and Adobe Air on November 4.
The patch due next week offers updates for Adobe Reader Version 9.4 and earlier for the Windows, Apple Macintosh and UNIX platforms and Adobe Reader Version 9.4 for Windows and Macintosh. The patches wrap in the emergency patch from November 4 and includes fixes for vulnerabilities described in Adobe’s October 28 Security bulletin.
The company said it would have an
update for UNIX versions of its products on Monday, November 30, 2010. Adobe’s next quarterly patch is due on February 8, 2011.