In response to two critical vulnerabilities in Acrobat and Adobe Reader 9.3, this week Adobe released the 9.3.1 update for both applications; users of the older 8.x versions can update to 8.2.1 to resolve the security issues. One of the two vulnerabilities addressed would allow a malicious PDF to make unauthorized cross-domain requests; the other could crash the PDF application and possibly allow an attacker to gain access to other parts of the system.

The first flaw is related to a Flash Player issue that was revealed last week; if you have not updated Flash to the latest version (10.0.45.2 as of this moment, see your version & current versions here) & you aren’t blocking Flash, you should go get the latest build right away. Although you can configure auto-update notifications in Flash Player, it’s not clear if Mac OS X clients are consistently getting these reminders to update.

Adobe has seen a surge in application exploits against their software applications.