Company delivers fixes for 34 vulnerabilities

May 13, 2015 07:27 GMT

Adobe released new versions of its Acrobat and Reader PDF software that include patches for 34 vulnerabilities. The update is considered critical and has been assigned the highest priority rating.

The updates are for both Windows and OS X versions of the two products and were announced by Adobe in a pre-notification last week, which said that the severity level was critical but did not have the highest priority rating.

Half of the flaws could lead to arbitrary code execution

In the bulletin released on Tuesday, the company elevated the update priority, recommending that users install the latest releases within 72 hours because there is a higher risk of being targeted by exploits in the wild. There is no clear indication from the developer that exploits have been identified, though.

Most of the glitches (14) repaired in Reader (11.0.11, 10.1.14) and Acrobat (11.0.11, 10.1.14) are different ways of bypassing the restrictions imposed on JavaScript API execution.

However, more dangerous flaws have also been eliminated, which, if successfully exploited, could have allowed an attacker to execute arbitrary code on the affected machine and take control of the system.

There are 17 of these, ranging from use-after-free, heap-based buffer overflow and buffer overflow to memory corruption bugs. The last type is the most prevalent, with 10 vulnerabilities patched by the developer.

Furthermore, Adobe fixed a memory leak and a null-pointer dereference that could create a denial-of-service condition, according to the security advisory.

HP Zero Day reported most of the bugs

The company fixed the issues after receiving reports from external sources, with HP’s Zero Day Initiative credited for the largest part of the bugs.

Google's security experts from Project Zero and the security team were also credited for six of the problems, all of them allowing code execution if exploited.

Updating to the new releases can be done manually, by downloading and installing the latest revisions for Adobe Reader (Windows, OS X) and Acrobat (Windows, OS X), or via the automatic update check feature included in the products.