Tuesday, April 10, 2012

Adobe Reader and Acrobat Critical Security Updates


Adobe released critical security updates addressing vulnerabilities in Adobe Reader and Adobe Acrobat.  In addition to Adobe Reader X (10.1.3) and Adobe Acrobat X (10.1.3) incorporating the Adobe Flash Player updates noted in Security Bulletins APSB12-03, APSB12-05 and APSB12-07, the updates address a variety of vulnerabilities, including the following:
  • an integer overflow in the True Type Font (TTF) handling that could lead to code execution (CVE-2012-0774)
  • a memory corruption in the JavaScript handling that could lead to code execution (CVE-2012-0775)
  • a security bypass via the Adobe Reader installer that could lead to code execution (CVE-2012-0776)
  • a memory corruption in the JavaScript API that could lead to code execution (CVE-2012-0777)(Macintosh and Linux only)

Acrobat and Reader users can update to the latest version using the built-in updater, by clicking “Help” and then “Check for Updates.” The Adobe Reader update for Windows is available from http://www.adobe.com/products/reader/.  Even better is the FTP download site:  ftp://ftp.adobe.com/pub/adobe/reader/win/10.x/10.1.3/ with no risk of add-ons.

The next quarterly security updates for Adobe Reader and Acrobat are currently scheduled for July 10, 2012.

Release Details

  • Release date: April 10, 2012
  • Vulnerability identifier: APSB12-08
  • Priority rating: See table below
  • CVE numbers: CVE-2012-0774, CVE-2012-0775, CVE-2012-0776, CVE-2012-0777
  • Platform: All

      Affected Software Versions

      • Adobe Reader X (10.1.2) and earlier 10.x versions for Windows and Macintosh
      • Adobe Reader 9.5 and earlier 9.x versions for Windows and Macintosh
      • Adobe Reader 9.4.6 and earlier 9.x versions for Linux
      • Adobe Acrobat X (10.1.2) and earlier 10.x versions for Windows and Macintosh
      • Adobe Acrobat 9.5 and earlier 9.x versions for Windows and Macintosh


      References





      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...


      No comments: