14 DAY TRIAL // Adobe has released security updates for Adobe Reader and Acrobat in order to address critical security vulnerabilities that could be exploited to execute malicious code.
The updates contain fixes for a number of twelve security vulnerabilities that can lead to arbitrary code execution, a security bypass flaw, and two memory corruption issues which can result denial of service.
"Adobe recommends users of Adobe Reader X (10.x) and earlier versions for Windows and Macintosh update to Adobe Reader X (10.1).
"For users of Adobe Reader 9.4.4 and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader X (10.1), Adobe has made available updates, Adobe Reader 9.4.5 and Adobe Reader 8.3," the company writes in its security bulletin.
Adobe has been criticized by security experts for postponing patches for Adobe Reader X on Windows because the sandboxing technology included in the product protected users against zero-day exploits.
There is a belief that this type of practice encourages administrators and users to ignore security updates to Adobe Reader X because there were no successful attacks against the Protected Mode.
Fortunately, this update, which is part of Adobe Reader and Acrobat quarterly patch cycle, also features Adobe Reader X for Windows fixes for previously missed vulnerabilities.
The previously unpatched flaws were located in the bundled Flash Player component, authplay.dll. "These updates also incorporate the Adobe Flash Player update as noted in Security Bulletin APSB11-12 and Security Bulletin APSB11-13," the company notes.
A new critical vulnerability was patched in Flash Player yesterday, but it doesn't affect the Adobe Reader and Acrobat authplay.dll component.
The latest versions of Adobe Reader for Windows can be downloaded from here. The latest versions of Adobe Reader for Mac can be downloaded from here.