Adobe Reader and Acrobat Security Updates

Report ID: SA201006505
Source: F-Secure
Date of Discovery: 20.08.2010
Criticality: Critical
Affects:
Adobe Reader 9.3.3 and earlier versions for Windows, Macintosh and UNIX
Adobe Acrobat 9.3.3 and earlier versions for Windows and Macintosh

Compromise From: From remote
Compromise Type: Remote code execution
System access

Summary

Adobe has released security updates for Adobe Reader and Acrobat to resolve two vulnerabilities that could lead to application crash and arbitrary code execution.

Detailed Description

Two vulnerabilities identified in Adobe Reader 9.3.3 and prior versions, and Adobe Acrobat 9.3.3 and prior versions, could cause the application to crash and possibly allow an attacker to gain access to the affected system.

A security update for each product has been released to resolve an integer overflow vulnerability and to mitigate a social engineering attack, both of which could lead to arbitrary code execution.

Users of the affected products are advised to update to version 9.3.4. 

Solution

Update to Adobe Reader 9.3.4 or later versions

NOTE: Adobe Reader 9.3.4 for Windows, Macintosh and UNIX will be available from the Adobe Reader Download Center by August 31, 2010.

Update to Adobe Acrobat 9.3.4 or later versions

Original Reference

APSB10-17: Security updates available for Adobe Reader and Acrobat (http://www.adobe.com/support/security/bulletins/apsb10-17.html)

CVE Reference

CVE-2010-1240
CVE-2010-2862