Adobe released critical security updates addressing vulnerabilities in Adobe Reader and Adobe Acrobat. In addition to Adobe Reader X (10.1.3) and Adobe Acrobat X (10.1.3) incorporating the Adobe Flash Player updates noted in Security Bulletins APSB12-03, APSB12-05 and APSB12-07, the updates address a variety of vulnerabilities, including the following:
- an integer overflow in the True Type Font (TTF) handling that could lead to code execution (CVE-2012-0774)
- a memory corruption in the JavaScript handling that could lead to code execution (CVE-2012-0775)
- a security bypass via the Adobe Reader installer that could lead to code execution (CVE-2012-0776)
- a memory corruption in the JavaScript API that could lead to code execution (CVE-2012-0777)(Macintosh and Linux only)
Acrobat and Reader users can update to the latest version using the built-in updater, by clicking “Help” and then “Check for Updates.” The Adobe Reader update for Windows is available from http://www.adobe.com/products/reader/. Even better is the FTP download site: ftp://ftp.adobe.com/pub/adobe/reader/win/10.x/10.1.3/ with no risk of add-ons.
The next quarterly security updates for Adobe Reader and Acrobat are currently scheduled for July 10, 2012.
Release Details
- Release date: April 10, 2012
- Vulnerability identifier: APSB12-08
- Priority rating: See table below
- CVE numbers: CVE-2012-0774, CVE-2012-0775, CVE-2012-0776, CVE-2012-0777
- Platform: All
Affected Software Versions
- Adobe Reader X (10.1.2) and earlier 10.x versions for Windows and Macintosh
- Adobe Reader 9.5 and earlier 9.x versions for Windows and Macintosh
- Adobe Reader 9.4.6 and earlier 9.x versions for Linux
- Adobe Acrobat X (10.1.2) and earlier 10.x versions for Windows and Macintosh
- Adobe Acrobat 9.5 and earlier 9.x versions for Windows and Macintosh
References
- Security Advisory: Security updates available for Adobe Reader and Acrobat
- PSIRT Blog: Security updates released for Adobe Reader and Acrobat (APSB12-08)
No comments:
Post a Comment
Neither spam nor comments containing vulgarities will be approved.