Adobe patches 13 critical Reader, Acrobat holes

By on
Adobe patches 13 critical Reader, Acrobat holes

Reader hole could allow for remote hijack.

Adobe has released 13 security patches for Reader and Acrobat.

Critical vulnerabilities patched in Adobe Reader 10.1 and earlier versions for Windows and Macintosh could allow attackers to hijack a system and crash the application.

Patched vulnerabilities that could lead to code execution include local privilege-escalation, a buffer overflow in the U3D TIFF Resource; a heap overflow and three stack overflow flaws in the Adobe image parsing library; three stack overflow vulnerabilities in the Adobe image parsing library; two stack overflow vulnerabilities in the CoolType.dll library; a memory leakage condition vulnerability, and a use-after-free vulnerability.

Affected Adobe Reader and Acrobat  product versions range from 10 to 8 for Windows and Mac. Patches were released for Reader 9.4.5 and earlier 9.x versions for Unix.

Adobe said it had not detected exploits against the vulnerabilities in the wild.

The company will cut support for Adobe Reader and Acrobat 8 on 3  November this year.

CVE Numbers

CVE-2011-1353, CVE-2011-2431,  CVE-2011-2432, CVE-2011-2433, CVE-2011-2434, CVE-2011-2435, CVE-2011-2436, CVE-2011-2437, CVE-2011-2438, CVE-2011-2439, CVE-2011-2440, CVE-2011-2441, CVE-2011-2442

Hi Nate/Darren,

 

Following last week’s prenotification security advisory, the usual heads-up to let you know that today’s product updates for Adobe Reader and Acrobat will be available within the next 15 minutes:

 

·         Adobe Product Security Incident Report Team (PSIRT) Blog Post: Security updates released for Adobe Reader and Acrobat (APSB11-24)
This blog entry will be posted at http://blogs.adobe.com/psirt/2011/09/security-updates-released-for-adobe-reader-and-acrobat-apsb11-24.html.

 

·         Security Bulletin APSB10-28: Security updates available for Adobe Reader and Acrobat
The security bulletin will be posted at http://www.adobe.com/support/security/bulletins/apsb11-24.html.
(Note: The security bulletin will replace the prenotification security advisory currently posted in this location.)

 

·         Affected Software Versions:

o   Adobe Reader X (10.1) and earlier 10.x versions for Windows and Macintosh

o   Adobe Reader 9.4.5 and earlier 9.x versions for Windows, Macintosh and UNIX

o   Adobe Reader 8.3 and earlier 8.x versions for Windows and Macintosh

o   Adobe Acrobat X (10.1) and earlier 10.x versions for Windows and Macintosh

o   Adobe Acrobat 9.4.5 and earlier 9.x versions for Windows and Macintosh

o   Adobe Acrobat 8.3 and earlier 8.x versions for Windows and Macintosh

 

·         Summary:
Critical vulnerabilities have been identified in Adobe Reader X (10.1) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.2 and earlier versions for UNIX, and Adobe Acrobat X (10.1) and earlier versions for Windows and Macintosh. These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system.

 

o   Adobe recommends users of Adobe Reader X (10.1) and earlier versions for Windows and Macintosh update to Adobe Reader X (10.1.1).

o   For users of Adobe Reader 9.4.5 and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader X (10.1.1), Adobe has made available updates, Adobe Reader 9.4.6 and Adobe Reader 8.3.1.

o   Adobe recommends users of Adobe Acrobat X (10.1) for Windows and Macintosh update to Adobe Acrobat X (10.1.1).

o   Adobe recommends users of Adobe Acrobat 9.4.5 and earlier versions for Windows and Macintosh update to Adobe Acrobat 9.4.6, and users of Adobe Acrobat 8.3 and earlier versions for Windows and Macintosh update to Adobe Acrobat 8.3.1.

o   Adobe Reader 9.4.6 for UNIX is currently scheduled to be released on November 7, 2011.

 

·         CVE Numbers (13):

CVE-2011-1353, CVE-2011-2431,  CVE-2011-2432, CVE-2011-2433, CVE-2011-2434, CVE-2011-2435, CVE-2011-2436, CVE-2011-2437, CVE-2011-2438, CVE-2011-2439, CVE-2011-2440, CVE-2011-2441, CVE-2011-2442

 

·         Exploits:
Adobe is not aware of any exploits in the wild for any of the issues patched in this release.

 

·         Additional Notes:

o   The next quarterly security updates for Adobe Reader and Acrobat are currently scheduled for December 13, 2011.

o   Support for Adobe Reader 8.x and Acrobat 8.x for Windows and Macintosh will end on November 3, 2011. For more information, please see: Adobe Reader and Acrobat 8 End of Support.

 

If you have any questions, please let me know.

 

Best,

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:
acrobat adobe patching reader security
In Partnership With

Most Read Articles

Telstra, Optus and Vodafone temporarily block websites after Christchurch attack

Telstra, Optus and Vodafone temporarily block websites after Christchurch attack
Millennials might swipe, can't screw: Bunnings boss nails omnichannel

Millennials might swipe, can't screw: Bunnings boss nails omnichannel
Telstra and Optus secure round four mobile blackspot sites

Telstra and Optus secure round four mobile blackspot sites
Govt to spend $220m on mobile, co-fund NBN area switches

Govt to spend $220m on mobile, co-fund NBN area switches
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

How Macquarie University has prepared for fire and flood
How Macquarie University has prepared for fire and flood
Guide to Fully-Composable Software-Defined Private Cloud
Guide to Fully-Composable Software-Defined Private Cloud
Is slow data silently killing your business? Here's why you should care.
Is slow data silently killing your business? Here's why you should care.
Cloud, AI, infosec: Is your IT strategy keeping up?
Cloud, AI, infosec: Is your IT strategy keeping up?
Australian business moves to a new cloud era
Australian business moves to a new cloud era

Events

Log In

Username / Email:
Password:
  |  Forgot your password?