Security Updates Available for Adobe Reader

[Starbuck]

Seventeen critical vulnerabilities fixed

 

Adobe has released new versions of its Reader and Acrobat products, addressing a flurry of critical vulnerabilities that could lead to arbitrary code execution. One of the flaws has been actively exploited in the wild since the beginning of the month.

 

Out of the seventeen vulnerabilities mentioned in the security bulletin accompanying this release, only one affects the UNIX versions of the products. Code execution in case of successful exploitation has been demonstrated for eleven of them, while the last one is described primarily as a denial of service issue.

 

The most dangerous vulnerability fixed in this release was identified as CVE-2010-1297 and reported as a zero-day on June 4. The flaw is located in the component handling the playback of SWFs embedded in PDF documents and also patched in Flash Player 10.1.53.64.

 

"Adobe recommends users of Adobe Reader 9.3.2 and earlier versions for Windows, Macintosh and UNIX to update to Adobe Reader 9.3.3. (For Adobe Reader users on Windows and Macintosh, who cannot update to Adobe Reader 9.3.3, Adobe has provided the Adobe Reader 8.2.3 update.) Adobe recommends users of Adobe Acrobat 9.3.2 and earlier versions for Windows and Macintosh update to Adobe Acrobat 9.3.3. Adobe recommends users of Adobe Acrobat 8.2.2 and earlier versions for Windows and Macintosh update to Adobe Acrobat 8.2.3," the security bulletin reads.

 

The Adobe Reader 9.3.3 and 8.2.3 updates for Windows can be downloaded from here.

 

The Adobe Reader 9.3.3 update for Mac can be downloaded from here.

 

The Adobe Reader 9.3.3 update for UNIX can be downloaded from here.

 

 

Source:

Security Updates Available for Adobe Reader - Seventeen critical vulnerabilities fixed - Softpedia