Adobe also applied at least four -- and perhaps several more -- patches to Reader X that it had declined to fix in three earlier out-of-band updates going back to March.
Although the company had patched older editions in those updates, it had not fixed Reader X, saying each time that because the program's "sandbox" prevented malware from affecting the computer, it would instead wait for Tuesday's already-scheduled quarterly update.
Reader X, which Adobe rolled out last November, includes anti-exploit sandbox technology designed to isolate the program from the rest of the system. Theoretically, the sandbox insures that malware which does launch inside Reader X can't escape to infect the PC or Mac.
According to Adobe, none of the Reader vulnerabilities patched Tuesday have been exploited in the wild.
At the same time it shipped the Flash Player and Reader security refreshes, Adobe also patched 24 vulnerabilities in Shockwave Player, two in LifeCycle Data Services and Blaze DS -- a live streaming service and data push service, respectively -- and two in ColdFusion, an Adobe development platform.
The patched versions of Reader and Flash Player can be downloaded from Adobe's Web site. Alternately, users can run the programs' integrated update tool or wait for the software to prompt them that a new version is available.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed. His email address is firstname.lastname@example.org.
Read more about security in Computerworld's Security Topic Center.