January 11, 2012 By Dancho Danchev

Adobe issues a patch for critical security holes in Reader and Acrobat

by Dancho Danchev

As part of its quarterly patch update, today Adobe issued a critical security update plugging multiple security holes in its Acrobat Reader, and Adobe Acrobat software applications.

More details:

The security bulletin is patching the following vulnerabilities CVE-2011-2462, CVE-2011-4369, CVE-2011-4370, CVE-2011-4371, CVE-2011-4372, CVE-2011-4373, allowing remote code execution attacks.

These updates address critical vulnerabilities in Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh, and Adobe Acrobat X (10.1.1) and earlier versions for Windows and Macintosh. These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system. These updates include fixes for CVE-2011-2462 and CVE-2011-4369, previously addressed in Adobe Reader and Acrobat 9.x for Windows as referenced in Security Bulletin APSB11-30.

Affected software versions:

  • Adobe Reader X (10.1.1) and earlier 10.x versions for Windows and Macintosh
  • Adobe Reader 9.4.7 and earlier 9.x versions for Windows
  • Adobe Reader 9.4.6 and earlier 9.x versions for Macintosh
  • Adobe Acrobat X (10.1.1) and earlier 10.x versions for Windows and Macintosh
  • Adobe Acrobat 9.4.7 and earlier 9.x versions for Windows
  • Adobe Acrobat 9.4.6 and earlier 9.x versions for Macintosh

Adobe vulnerabilities are just the tip of the iceberg, when it comes to the malicious exploitation of client-side vulnerabilities. Contrary to the common belief that zero day vulnerabilities are the primary growth factor of the cybercrime ecosystem, numerous independent reports confirm that patched vulnerabilities are the primary exploitation vector for a cybercriminal’s malicious campaign.

Users are advised to ensure that they’re not running any outdated software, next to browser plugins.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on  Twitter.

Share Button
true