Adobe released critical security updates addressing vulnerabilities in Adobe Reader and Adobe Acrobat. The vulnerabilities relate to memory and heap corruption vulnerabilities which could cause a crash and potentially allow an attacker to take control of the affected system.
Acrobat and Reader users can update to the latest version using the built-in updater, by clicking “Help” and then “Check for Updates.” The Adobe Reader update for Windows is available from http://www.adobe.com/products/reader/. Even better is the FTP download site: ftp://ftp.adobe.com/pub/adobe/reader/win/10.x/10.1.2/ with no risk of add-ons.
The next quarterly security updates for Adobe Reader and Acrobat are currently scheduled for April 10, 2012.
- Release date: January 10, 2012
- Vulnerability identifier: APSB12-01
- CVE numbers: CVE-2011-2462, CVE-2011-4369, CVE-2011-4370, CVE-2011-4371, CVE-2011-4372, CVE-2011-4373
- Platform: Windows and Macintosh
Affected Software Versions
- Adobe Reader X (10.1.1) and earlier 10.x versions for Windows and Macintosh
- Adobe Reader 9.4.7 and earlier 9.x versions for Windows
- Adobe Reader 9.4.6 and earlier 9.x versions for Macintosh
- Adobe Acrobat X (10.1.1) and earlier 10.x versions for Windows and Macintosh
- Adobe Acrobat 9.4.7 and earlier 9.x versions for Windows
- Adobe Acrobat 9.4.6 and earlier 9.x versions for Macintosh
- Security Advisory: Security updates available for Adobe Reader and Acrobat
- PSIRT Blog: Security updates released for Adobe Reader and Acrobat (APSB12-01)