vulnerabilities have been identified in Adobe Reader 9.4 (and earlier versions) for Windows, Macintosh and UNIX, and Adobe Acrobat 9.4 (and earlier 9.x versions) for Windows and Macintosh. These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system.
In addition to addressing CVE-2010-3654 noted in Security Advisory APSA10-05
and CVE-2010-4091 referenced in the Adobe PSIRT blog ("Potential issue in Adobe Reader
"), these updates also incorporate the Adobe Flash Player update as noted in Security Bulletin APSB10-26
Adobe recommends users of Adobe Reader 9.4 and earlier versions for Windows and Macintosh update to Adobe Reader 9.4.1, available now. Adobe recommends users of Adobe Reader 9.4 and earlier versions for UNIX update to Adobe Reader 9.4.1, expected to be available on November 30, 2010. Adobe recommends users of Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh update to Adobe Acrobat 9.4.1.
Note that these updates represent an out-of-cycle release. The next quarterly security updates for Adobe Reader and Acrobat are scheduled for February 8, 2011.