Adobe goes patch bananas

Adobe has patched 23 security vulnerabilities afflicting ts Reader PDF viewer software, in the year's biggest patch fest so far.

The firm confessed that it had found 'critical' vulnerabilities in its Reader 9.3.4 (and earlier versions) for Windows, Macintosh and UNIX, Adobe Acrobat 9.3.4 (and earlier versions) for Windows and Macintosh, and Adobe Reader 8.2.4 (and earlier versions) and Adobe Acrobat 8.2.4 (and earlier versions) for Windows and Macintosh.

These vulnerabilities, included "CVE-2010-2883", which has been sagging open for at least a month and which "could cause the application to crash and could potentially allow an attacker to take control of the affected system."

As could a second flaw referenced in the Adobe Flash Player Security Bulletin APSB10-2.

Adobe said it pushed the updates out early, as promised. Its next quarterly security updates for Adobe Reader and Acrobat are scheduled for February 8, 2011, by which time there should be plenty of new holes to plug.

Such are the insecurity woes Adobe is having, the company has begun talking about a protected "sandbox" mode it wants to add to its WIndows software before the end of the year.

Adobe said it will demonstrate the technology at its Adobe MAX 2010, later this month in Los Angeles.