Last week Adobe patched two vulnerabilities in its Reader PDF viewing software. One of the vulnerabilities went public last month at the annual Black Hat security conference.
Two weeks ago, Adobe promised to fix the Black Hat vulnerability with an emergency or "out-of-band" security update. That vulnerability was detected by researcher Charlie Miller, an analyst with Baltimore-based Independent Security Evaluators, at July's Black Hat event in Las Vegas, where he demonstrated how the open-source BitBlaze toolkit could boost bug-hunting productivity.
In fact, Adobe knew of the bug before Miller unveiled it, as Google security engineer Tavis Ormandy had previously reported the vulnerability.
Sunday, Adobe credited Ormandy with finding the flaw.
In an advisory, Adobe classified both Ormandy's bug and another vulnerability patched today as critical, noting that each "could lead to code execution," phrasing that means attackers could exploit them to compromise a machine. As is Adobe's practice, it revealed only the scantiest of details about the bugs. The second vulnerability was only described as one that "further mitigates a social engineering attack."
What Adobe failed to mention was that it had patched that bug before.
Today's updates to versions 9.3.4 and 8.3.4 of Reader and Acrobat also included patches released last week for Flash, Adobe's media player.
Adobe Reader and Acrobat for Windows, Mac and Linux can be downloaded using the links included in Thursday's advisory. Alternatively, users can use the programs' built-in update mechanism to grab the new versions.