Adobe issues slew of patches for its software

Adobe on Tuesday released its quarterly security update, fixing dozens of vulnerabilities, including 29 flaws in its popular PDF viewing software Reader and Acrobat and 13 in Flash Player.

The Reader and Acrobat flaws, most of which were classified as "critical," could cause the application to crash or allow an attacker to take control of the affected system, Adobe said in its security bulletin. Many of the flaws were input validation or library loading issues that could lead to code execution. Several others were described as memory corruption or denial-of-service vulnerabilities that could allow the execution of code.

This marks the first time the software maker has issued fixes for Adobe Reader X, the latest major version of the software, which was released in November and includes a new feature called "Protected Mode" that is designed to mitigate attacks.

The risk for Adobe Reader X users is significantly lower, Adobe said, because none of the security issues patched in this update can bypass this new capability, which forces operations that display PDF files to the user to be run inside a confined environment, known as a sandbox, in which certain functions are prohibited.

Tuesday's update brings the latest versions of Reader and Acrobat to 10.0.1, 9.4.2, and 8.2.6 for Windows and Mac OS X. Unix users will have to wait until Feb. 28 for a fix.

The next quarterly security updates for Adobe Reader and Acrobat are scheduled for June 14.

Meanwhile, Flash Player was also updated Tuesday to fix 13 critical flaws that could also cause an application to crash or allow attackers to take control of an affected system, Adobe said in a security bulletin. Several of the flaws are memory corruption issues that could lead to code execution. Others include an integer overflow flaw, a library-loading issue and a font-parsing bug.

The update brings Flash up to version 10.2.152.26 for Windows, Mac OS X, Linux and Solaris.

Adobe on Tuesday also issued updates to address five vulnerabilities affecting ColdFusion, a web application development platform, and 21 flaws in Shockwave Player, which allows for the display of rich web content.
