Next Tuesday, January 8, will be a busy day for system administrators. In addition to the regularly-scheduled release of security patches from Microsoft, Adobe is also planning to release a batch of security updates. In a Prenotification Security Advisory [APSB13-02], released yesterday, Adobe says that it will issue patches to fix a variety of Critical vulnerabilities in Acrobat and Adobe Reader. According to the Advisory, the affected versions of the software are:
- Adobe Reader XI (11.0.0) for Windows and Macintosh
- Adobe Reader X (10.1.4) and earlier 10.x versions for Windows and Macintosh
- Adobe Reader 9.5.2 and earlier 9.x versions for Windows and Macintosh
- Adobe Reader 9.5.1 and earlier 9.x versions for Linux
- Adobe Acrobat XI (11.0.0) for Windows and Macintosh
- Adobe Acrobat X (10.1.4) and earlier 10.x versions for Windows and Macintosh
- Adobe Acrobat 9.5.2 and earlier 9.x versions for Windows and Macintosh
In addition to a severity rating, Adobe assigns a priority level to each update; in this case, the Windows versions are rated Priority 1 (the highest) because Adobe thinks that version and platform is most likely to be attacked. The Reader software, in particular, has been a popular target in the past, because it is so widely installed across different platforms. So you should try to get these fixes applied promptly.
I will post a note here with any updated information, once the updates are actually available.