Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.03) and earlier versions for Windows and Macintosh.
Adobe identifies this update as a regular quarterly update that provides security mitigations, feature enhancements, and bug fixes. Note, however that the updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Release date: September 10, 2013
Vulnerability identifier: APSB13-22
CVE numbers: CVE-2013-3351, CVE-2013-3352, CVE-2013-3353, CVE-2013-3354, CVE-2013-3355, CVE-2013-3356, CVE-2013-3357, CVE-2013-3358
Platform: Windows and Macintosh
Update or Complete DownloadUpdate checks can be manually activated by choosing Help > Check for Updates.
- Adobe Reader XI (11.0.04) for Windows is available here: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows.
- Adobe Reader XI (11.0.04) for Macintosh is available here: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Macintosh.
- Adobe Reader for Linux is not updated.
Enable "Protected View"Due to frequent vulnerabilities, it is recommended that Windows users of Adobe Reader and Acrobat ensure that Protected View is enabled. Neither the Protected Mode or Protected View option is available for Macintosh users.
To enable this setting, do the following:
- Click Edit > Preferences > Security (Enhanced) menu.
- Change the "Off" setting to "All Files".
- Ensure the "Enable Enhanced Security" box is checked.
|Image via Sophos Naked Security Blog|