Critical updates for Adobe Reader and Acrobat released – you can breathe again

Graham Cluley

You can stop holding your breath now, the wait is over.

Adobe has released security updates for Acrobat and its PDF Reader software fixing critical vulnerabilities in its Windows and Mac software.

Last week, on Patch Tuesday, Adobe explained that although it was releasing security patches for Flash Player and AIR, it was delaying its scheduled security updates for Reader and Acrobat, because of issues that had sprung up during testing.

To be honest, it was hard not to feel grateful. After all, the last thing you want is for a vendor to push out a security update that causes conflicts and potentially creates more problems than the vulnerability it is trying to patch.

But at the same time there’s always a niggling thought burrowing away at the back of your mind – Adobe knows there’s a problem with some of its most popular products, but hasn’t patched them yet. Who else might know about the flaws and be keen to exploit them?

In a support advisory published on its website, Adobe gave the security updates for Adobe Reader X, Adobe Reader XI, Adobe Acrobat X and Adobe Acrobat XI its highest priority rating.

Adobe only rates security updates as “Priority 1” if it believes that the vulnerabilities it resolves are being targeted or have a high risk of being exploited in the wild.

The vulnerabilities themselves are definitely serious enough to make the hairs stand on the back of your neck – if exploited, some of them could allow attackers to run malware on your computer, potentially without you being aware that anything untoward was happening.

The most serious bugs fixed by Adobe involve vulnerabilities that could lead to remote code execution. The remaining flaws include a sandbox bypass vulnerability, a cross-site scripting flaw on Macs, and another security hole that could potentially crash systems.

Administrators are advised to install the update across their networks as soon as possible. What counts as “soon as possible”? Well, Adobe recommends that it should be done within 72 hours – but clearly the sooner the better.

That’s not necessarily something that IT teams will look forward to, of course, especially when you consider that the updates require computers to be restarted.

So don’t delay: if you use Adobe Reader or Acrobat, upgrade to version 10.1.12 or 11.0.09 as soon as possible.

Find out more, and bookmark the links to grab the updates, on Adobe’s website.

This article originally appeared on the Optimal Security blog.

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.