Adobe plans fixes for Reader and Acrobat in next security update

News

Adobe plans fixes for Reader and Acrobat in next security update

Warwick Ashford

Adobe has announced it will address several vulnerabilities in its Reader and Acrobat software in is next quarterly security update on 14 June.

All the vulnerabilities being patched are rated critical, said Adobe in its pre-notification Security Advisory.

Adobe defines critical vulnerabilities as those which would allow attackers to execute malicious code.

The patches will fix bugs in Adobe Reader X and Acrobat X as well as versions 9.4.3 and earlier for both Windows and Mac OS X, according to the pre-notification, but Adobe Reader for Android is not mentioned.

The update will address some long outstanding vulnerabilities, but Adobe has released a number of unscheduled patches in the past few months, including one just a few days ago for Flash Player to patch a zero-day cross-site scripting vulnerability.

The company noted the cross-site scripting flaw also affected the authplay.dll component in Reader and Acrobat. This particular issue is supposed to be fixed for Reader and Acrobat X and earlier 10.x and 9.x versions for both Windows and Mac OS X in the coming quarterly update.

In March and April, Adobe issued out-of-band updates for all versions except Reader and Acrobat X, to close security holes that allowed attackers to embed malicious Flash code into other documents.

The company delayed updates to these two applications to the scheduled quarterly update because their sandbox architecture prevented the rogue Flash files from executing, reducing the risk.

Summary: Affected software versions

Adobe Reader X (10.0.1) and earlier versions for Windows

Adobe Reader X (10.0.3) and earlier versions for Macintosh

Adobe Reader 9.4.3 and earlier versions for Windows and Macintosh

Adobe Acrobat X (10.0.3) and earlier versions for Windows and Macintosh

Adobe Acrobat 9.4.3 and earlier versions for Windows and Macintosh


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy