by Dancho Danchev
The security bulletin patches the following vulnerabilities, which allow remote code execution attacks: CVE-2011-2462, CVE-2011-4369, CVE-2011-4370, CVE-2011-4371, CVE-2011-4372 and CVE-2011-4373.
These updates address critical vulnerabilities in Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh, and Adobe Acrobat X (10.1.1) and earlier versions for Windows and Macintosh. These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system. These updates include fixes for CVE-2011-2462 and CVE-2011-4369, previously addressed in Adobe Reader and Acrobat 9.x for Windows as referenced in Security Bulletin APSB11-30.
Affected software versions:
- Adobe Reader X (10.1.1) and earlier 10.x versions for Windows and Macintosh
- Adobe Reader 9.4.7 and earlier 9.x versions for Windows
- Adobe Reader 9.4.6 and earlier 9.x versions for Macintosh
- Adobe Acrobat X (10.1.1) and earlier 10.x versions for Windows and Macintosh
- Adobe Acrobat 9.4.7 and earlier 9.x versions for Windows
- Adobe Acrobat 9.4.6 and earlier 9.x versions for Macintosh
Adobe vulnerabilities are just the tip of the iceberg when it comes to the malicious exploitation of client-side vulnerabilities. Contrary to the common belief that zero-day vulnerabilities are the primary growth factor of the cybercrime ecosystem, numerous independent reports confirm that patched vulnerabilities are the primary exploitation vector for a cybercriminal’s malicious campaign.