Adobe patches critical Reader and Acrobat security vulnerabilities


On Tuesday, Adobe released a security bulletin warning users of several vulnerabilities that could give a remote attacker access to the targeted PC.

The update affects Adobe Reader X (10.1.2) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.6 and earlier 9.x versions for Linux, and Adobe Acrobat X (10.1.2).

More details:

The update fixes the following vulnerabilities:

  • CVE-2012-0774 - These updates resolve an integer overflow in the True Type Font (TTF) handling that could lead to code execution
  • CVE-2012-0775 - These updates resolve a memory corruption in the JavaScript handling that could lead to code execution
  • CVE-2012-0776 - These updates resolve a security bypass via the Adobe Reader installer that could lead to code execution
  • CVE-2012-0777 - These updates resolve a memory corruption in the JavaScript API that could lead to code execution

Just how popular are malicious PDFs these days? According to multiple reports, malicious PDF files outpace the distribution of other malicious attachments used in targeted attacks, and are currently the attack vector of choice for attackers, ahead of media files, help files, HTML files and executables.

Webroot advises end users and corporate users to apply the Adobe updates immediately.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.

