Vulnerability Management

Adobe issues slew of patches for its software

Adobe on Tuesday released its quarterly security update, fixing dozens of vulnerabilities, including 29 flaws in its popular PDF viewing software Reader and Acrobat and 13 in Flash Player.

The Reader and Acrobat flaws, most of which were classified as "critical," could cause the application to crash or allow an attacker to take control of the affected system, Adobe said in its security bulletin. Many of the flaws were input validation or library loading issues that could lead to code execution. Several others were described as memory corruption or denial-of-service vulnerabilities that could allow the execution of code.

This marks the first time the software maker has issued fixes for Adobe Reader X, the latest major version of the software that was released in November and includes a new feature called “Protected Mode” that is designed to mitigate attacks.

The risk for Adobe Reader X users is significantly lower, Adobe said, because none of the security issues patched in this update can bypass this new capability, which forces operations that display PDF files to the user to be run inside a confined environment, known as a sandbox, in which certain functions are prohibited.

Tuesday's update bring the latest versions of Reader and Acrobat to 10.0.1, 9.4.2, and 8.2.6 for Windows and Mac OS X. Unix users will have to wait until Feb. 28 for a fix.

The next quarterly security updates for Adobe Reader and Acrobat are scheduled for June 14.

Meanwhile, Flash Player was also updated Tuesday to fix 13 critical flaws that could also cause an application to crash or allow attackers to take control of an affected system, Adobe said in a security bulletin. Several of the flaws are memory corruption issues that could lead to code execution.Others include an integer overflow flaw, a library-loading issue and a font-parsing bug.

The update brings Flash up to version 10.2.152.26 for Windows, Mac OS X, Linux and Solaris.

Adobe on Tuesday also issued updates to address five vulnerabilities affecting ColdFusion, a web application development platform and 21 flaws in Shockwave Player, which allows for the display of rich web content.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.