Critical updates for Adobe Reader and Acrobat released - you can breathe again


You can stop holding your breath now, the wait is over.

Adobe has released security updates for Acrobat and its PDF Reader software fixing critical vulnerabilities in its Windows and Mac software.

Last week, on Patch Tuesday, Adobe explained that although it was releasing security patches for Flash Player and AIR, it was delaying its scheduled security updates for Reader and Acrobat, because of issues that had sprung up during testing.

To be honest, it was hard not to feel grateful. After all, the last thing you want is for a vendor to push out a security update that causes conflicts and potentially creates more problems than the vulnerability it is trying to patch.

But at the same time there’s always a niggling thought burrowing away at the back of your mind - Adobe knows there’s a problem with some of its most popular products, but hasn’t patched them yet. Who else might know about the flaws and be keen to exploit them?

In a support advisory published on its website, Adobe gave the security updates for Adobe Reader X, Adobe Reader XI, Adobe Acrobat X and Adobe Acrobat XI, its highest priority rating.

Adobe only rates security updates as “Priority 1” if it believes that the vulnerabilities it resolves are being targeted or have a high risk of being exploited in the wild.

The vulnerabilities themselves are definitely serious enough to make the hairs stand on the back of your neck - if exploited some of them could allow attackers to run malware on your computer, potentially without you being aware that anything untoward was happening.

The most serious bugs fixed by Adobe involve vulnerabilities that could lead to remote code execution. The remaining flaws include a sandbox bypass vulnerability, a cross-site scripting flaw on Macs, and another security hole that could lead to a five of which could lead to potentially crash systems.

Administrators are advised to install the update across their networks as soon as possible. What counts as “soon as possible”? Well, Adobe recommends that it should be done within 72 hours - but clearly the sooner the better.

That’s not necessarily something that IT teams will look forward to, of course, especially when you consider that the updates require computers to be restarted.

So don’t delay, if you use Adobe Reader or Acrobat then upgrade to version 10.1.12 or 11.0.09 as soon as possible.

Find out more, and bookmark the links to grab the updates, on Adobe’s website.

This article originally appeared on the Optimal Security blog.

Tags: , , , ,

Share this article:

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts

, , , ,

No comments yet.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.