Adobe has released updates for its Reader and Acrobat applications that fix two vulnerabilities that attackers were exploiting to seize control of Windows-based machines.
Version 9.4.7 of the programs fix two memory-corruption bugs that Adobe says are “being actively exploited in limited, targeted attacks in the wild” against machines running Windows. The same bugs are present in Mac and Unix versions of the applications, but there are no reports of machines running them being exploited. The bugs are also present in Reader X for Windows, but a security sandbox, which Adobe added last year to minimize the damage that results from code flaws, prevents the attacks from working.
As a result, those versions will be updated next month, during a regularly scheduled patch release.