Adobe has announced that tomorrow it will release out-of-band patches for Reader 9.4 (and earlier 9.x versions) for Windows, Mac and UNIX, and Acrobat 9.4 (and earlier 9.x versions) for Windows and Mac to fix critical security issues.
The patches will fix the vulnerabilities CVE-2010-3654 and CVE-2010-4091.
Adobe issued a notification Oct. 28 that CVE-2010-3654 could cause Reader and Acrobat to crash and allow an intruder to take control of the affected system. Adobe said the flaw was being actively exploited. (Advisory here.)
The company said Nov. 4 that there had been public discussion of the CVE-2010-4091 vulnerability, which could cause a denial of service. (Advisory here.)
An update for UNIX is expected Nov. 30, 2010.
The next scheduled quarterly security updates for Reader and Acrobat are due February 8, 2011.
Tom Kelchner