Adobe has released a mega-update for its Reader and Acrobat software products to fix a total of eight documented security vulnerabilities.
The update comes with significant security improvements, including the on-by-default addition “Enhanced Security,” a feature that provides a set of default restrictions and a method to define trusted locations that should not be subject to those restrictions.
First up, here are the security vulnerabilities patched with this update:
This update resolves a use-after-free vulnerability in Multimedia.api that could lead to code execution (CVE-2009-4324). This issue is being actively exploited in the wild; the exploit targets Adobe Reader and Acrobat 9.2 on Windows platforms.