The old versions contained critical vulnerabilities which leave machines exposed

Sep 15, 2011 06:49 GMT

After identifying critical vulnerabilities that could result in system crashes, Adobe recently released security updates that should improve Adobe Reader X (10.1), Adobe Acrobat X and some of the older versions.

Users of Adobe Reader X and of earlier versions for Windows and Mac are advised to install the latest fixes in order to protect their machines against the possibility of an attacker taking control of the device.

Earlier versions that cannot be updated to the new 10.1 also have improvements available. This means that Adobe Reader 9.4.5 and Adobe Reader 8.3 can be upgraded to Adobe Reader 9.4.6 and Adobe Reader 8.3.1.

UNIX users will benefit from an update starting November 7, when a new release is scheduled.

December 13 is the date when the next security updates for Adobe Reader and Acrobat should be expected.

So what do these security improvements actually do? How do they improve the applications?

Apparently, the vulnerabilities were pretty serious: according to the release that came with the updates, they could have caused system crashes and even allowed a hacker to take control of your computer.

More precisely, the new patch fixes a local privilege-escalation vulnerability in the Windows version of Adobe Reader X. The updates also resolve a security bypass vulnerability that could lead to a code execution attempt made by a cybercriminal.

It seems there were a lot of weak points that could lead to code execution, most of them caused by a heap or a buffer overflow, and one, a stack overflow, that lay in the Adobe image parsing library.

A memory leakage condition, a use-after-free and a logic error vulnerability were other issues that could easily lead to an outside user taking over the system.

Among those who contributed to these updates were representatives of IBM X-Force Advanced Research, Fortinet's FortiGuard Labs, Onsec, TippingPoint's Zero Day Initiative, James Quirk and iDefense Labs.

Adobe Reader X is available for download here. Adobe Acrobat X 10.1.1 / 9.4.6 updates are available for download here.