Adobe Reader and Acrobat Critical Security Updates ~ Security Garden

Tuesday, April 10, 2012

Adobe Reader and Acrobat Critical Security Updates

Adobe released critical security updates addressing vulnerabilities in Adobe Reader and Adobe Acrobat. In addition to Adobe Reader X (10.1.3) and Adobe Acrobat X (10.1.3) incorporating the Adobe Flash Player updates noted in Security Bulletins APSB12-03, APSB12-05 and APSB12-07, the updates address a variety of vulnerabilities, including the following:

an integer overflow in the True Type Font (TTF) handling that could lead to code execution (CVE-2012-0774)
a memory corruption in the JavaScript handling that could lead to code execution (CVE-2012-0775)
a security bypass via the Adobe Reader installer that could lead to code execution (CVE-2012-0776)
a memory corruption in the JavaScript API that could lead to code execution (CVE-2012-0777)(Macintosh and Linux only)

Acrobat and Reader users can update to the latest version using the built-in updater, by clicking “Help” and then “Check for Updates.” The Adobe Reader update for Windows is available from http://www.adobe.com/products/reader/. Even better is the FTP download site: ftp://ftp.adobe.com/pub/adobe/reader/win/10.x/10.1.3/ with no risk of add-ons.

The next quarterly security updates for Adobe Reader and Acrobat are currently scheduled for July 10, 2012.

Release Details

Release date: April 10, 2012
Vulnerability identifier: APSB12-08
Priority rating: See table below
CVE numbers: CVE-2012-0774, CVE-2012-0775, CVE-2012-0776, CVE-2012-0777
Platform: All

Affected Software Versions

Adobe Reader X (10.1.2) and earlier 10.x versions for Windows and Macintosh
Adobe Reader 9.5 and earlier 9.x versions for Windows and Macintosh
Adobe Reader 9.4.6 and earlier 9.x versions for Linux
Adobe Acrobat X (10.1.2) and earlier 10.x versions for Windows and Macintosh
Adobe Acrobat 9.5 and earlier 9.x versions for Windows and Macintosh

References

Security Advisory: Security updates available for Adobe Reader and Acrobat
PSIRT Blog: Security updates released for Adobe Reader and Acrobat (APSB12-08)

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Welcome to the Security Garden, where everything is coming up roses.

The best way to protect your garden is to fence it in. The same applies to your computer.
Get computer security news and information, help, tips and more at the Security Garden.

Articles

My Garden Roots

Perennial Favorites

Article Categories

Tuesday, April 10, 2012