In association with heise online

11 April 2012, 11:37

Adobe fixes critical vulnerabilities in Reader and Acrobat

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Adobe Reader logo Adobe has released versions 10.1.3 and 9.5.1 of its Acrobat and Reader products to address high priority security vulnerabilities that could be used by an attacker to cause the application to crash and potentially take control of an affected system. These include memory corruption in the JavaScript API and JavaScript handling, an integer overflow in the True Type Font (TTF) handling and a security bypass via the Adobe Reader installer, all of which could lead to arbitrary code execution.

Adobe Acrobat and Reader 10.1.2 and earlier 10.x versions, as well as 9.5 and earlier 9.x versions for Windows and Mac OS X are affected – on Linux, Reader 9.4.6 and earlier 9.x versions are also vulnerable. The company also notes that Reader and Acrobat 10.1.3 also include the recent Flash Player updates. All users are advised to upgrade to the current versions.

See also:

(crve)

Print Version | Send by email | Permalink: http://h-online.com/-1518711
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit