Adobe Fixes Six Crucial Flaws within Acrobat and Reader

Adobe has issued security patches for 6 critical flaws within its Acrobat and Reader applications, with 2 being zero-day vulnerabilities that affected its three-dimensional rendering technology detected during December 2011, published eweek.com dated January 10, 2012.

Adobe, through its security advisory dated January 10, 2012, indicated that its new update impacts Acrobat X and Reader for Mac OS X (all versions) and Windows software. The company plugged 3 security holes causing memory corruption while 1 that caused heap corruption, all capable of facilitating malware execution within Adobe Acrobat 9.5 and 10.1.2 along with Reader. Importantly, Adobe, in its January 2012 update, has added the update for its Flash Player issued in November 2011.

The flaws leading to memory corruption, which Adobe has fixed within Product Representation Compact (PRC) and U3D, were the findings of the Computer Incidence Response Team of Lockheed Martin in December 2011. At that time Adobe released one important security advisory to caution consumers about the PDF-based assault; however, stated that attackers were solely aiming at Reader 9 and Acrobat running on Windows.

The advisory warned that the mentioned flaws could lead to the crash-down of the software as also potentially let a hacker gain hold over the vulnerable computer. Adobe.com published this on January 10, 2012.

Thus, owing to the security issues, Adobe advised both Mac and Windows operators towards revising software to the latest Adobe Reader X versions 10.1.2 urgently in order that their systems boar low risk of getting compromised. The revised software was available on the support site of Adobe, according to the advisory. Present consumers could equip themselves with the inbuilt upgrade tool of the software alternatively follow the application's prompt about the availability of the fresh edition, the advisory added.

Coincidentally, Adobe's new security update was released during Microsoft's own Patch Tuesday for January 2011, while Oracle will be releasing its Q1-2012 patch bulletin on January 17, 2012. Manager Jim Walter for McAfee Labs' Threat Intelligence Service stated that Adobe's emergency patches combined with Microsoft's of December 2011 will make IT-administrators busy handling patches during January 2012. Bezpeka.com reported this on January 11, 2012.

Related article: Adobe Rates Acrobat Vulnerabilities “Critical”

» SPAMfighter News - 1/20/2012