Patch released for critical Adobe vulnerabilities

Today Adobe released a patch for two critical vulnerabilities (CVE-2013-0640 and CVE-2013-0641) that are already being exploited by attackers. Adobe released version 11.0.02 of its Adobe Reader and Adobe Acrobat Pro applications.

Vulnerabilities affect Adobe Reader and Acrobat XI (11.0.01 and earlier), X (10.1.5 and earlier) and 9.5.3 and earlier for Windows and Mac OS X systems.

"These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system." security advisory reads.

Exploits were discovered by security company FireEye and researchers with antivirus provider Kaspersky Lab have confirmed the exploit can successfully escape the Adobe sandbox.

Users can update the software through the built-in updater or by downloading a copy of the Windows, Mac, or Linux installer directly from Adobe's website.