Adobe on Tuesday issued a security advisory,
requesting users running Reader and Acrobat 9.4 or earlier to update to 9.4.1,
which addresses a critical vulnerability (CVE-2010-3654) acknowledged by the company in late October.
The said vulnerability, which can be used by an attacker to take control of the affected system, also affects Flash Player 10.1.85.3 (and earlier), but the hole in Flash has already been plugged with the release of version 10.1.102.64 earlier this month. Besides CVE-2010-3654, the updates also addressees a “potential issue” (CVE-2010-4091) in certain versions of Reader.
“Note that these updates represent an out-of-cycle release. The next quarterly security updates for Adobe Reader and Acrobat are scheduled for February 8, 2011,” said Adobe in the advisory.