Adobe pushed out an update to its Reader and Acrobat packages on Monday to close a pair of critical flaws in the popular packages.

Patches to version 8.1.2 of each application resolves vulnerabilities which create a means for miscreants to drop malware onto vulnerable systems. Users of earlier versions of the software (Adobe Reader 7.1.0 and Acrobat 7.1.0) are not at risk from the bug. Version 9 of each package - due to appear next month - are also safe, Adobe reports.

"A critical vulnerability has been identified in Adobe Reader and Acrobat 8.1.2 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system," it said.

The SANS Institute's Internet Storm Center warns that the vulnerability might lend itself to botnet exploitation. It advises users to update their systems sooner rather than later. ®

Related stories

• Updated Adobe Flash vulnerable to remote-execution exploit (24 February 2009)
• Updated Unofficial patch plugs 0-day Adobe security vuln. (24 February 2009)
• New in-the-wild attack targets fully-patched Adobe Reader (20 February 2009)
• ISO certifies Adobe's PDF (3 July 2008)
• Adobe swings out Acrobat 9 (25 June 2008)
• Web browsers face crisis of security confidence (23 June 2008)
• Updated Attack code in the wild targets new (sort of) Adobe Flash vuln (27 May 2008)
• Adobe Reader Trojan predates mystery update by two weeks (11 February 2008)
• Stealthy Adobe Reader update fixes mystery security bugs (7 February 2008)