Adobe’s First Patch Tuesday Yields Critical Update

Upgrade your desktop version of Adobe Acrobat or reader now. Adobe (NASDAQ: ADBE) issued a patch fixing critical flaws in its popular software yesterday, on the same day that Microsoft released its own massive package of fixes.

“Adobe categorizes this as a critical update and recommends that users apply the update for their product installations,” the company said in a statement.

It added that the flaws it identified could allow an attacker to crash the application and take control of a target system.

The importance of the patch — which is available for Windows and Mac OS — is clear. “It’s becoming more and more common for cybercriminals to take advantage of flaws in PDF-reading software to try and compromise computer systems and install malware. Part of the reason for this is that the PDF format is so ubiquitous — widely used both in business and at home as a way of communicating information between people,” Graham Cluley, senior consultant at security firm Sophos, wrote in a blog post.

Unix and Linux users will have to wait a week to fix the flaws, however. Cluley said a patch for Unix systems is expected on June 16. It’s not clear whether that will also include Linux systems — Adobe normally considers Linux and Solaris as part of its Adobe Reader for Unix offering — and the company itself hasn’t disclosed when the patch would be making its way to other systems.

“Details regarding security updates for the Unix platform will be communicated when available,” wrote Brad Arkin of the Adobe Product Security Incident Response Team (PSIRT) in a blog post.

Arkin added that this is the first of Adobe’s planned quarterly patch updates. Logically, the next Adobe update should occur on the second Tuesday in September, which is Sept. 8, 2009.

Last month, Arkin explained in a blog post that Adobe’s customers had told the company that they would find it easiest to patch Adobe products at the same time as Microsoft released its patches.

“Based on feedback from our customers, who have processes and resources geared toward Microsoft’s ‘Patch Tuesday’ security updates, we will make Adobe’s quarterly patches available on the same days,” he wrote.

Although this is the first official “Adobe Patch Tuesday,” the company fixed several critical flaws on the second Tuesday in March.

In March, Unix and Linux users also received their patch after Windows and Mac users.