Tuesday, May 14, 2013

New Adobe CRITICAL Security Updates:
Acrobat Pro and Reader 11.0.03

[Updated 2013-05-21 @8:38 AM: I removed the paragraphs and image regarding a low resolution icon for Adobe Reader. What I had witnessed was, I have discovered, yet another bug in Apple's Finder application. I've witnessed the exact same phenomenon with other newly installed apps. Refreshing or relaunching the Finder removes the problem. Not good Apple! Apologies to Adobe.]

On schedule, Adobe has posted critical security updates of both Acrobat Pro and Reader. The download links are below.

Thankfully, Adobe has (belatedly) provided an updated Security Bulletin as well, which is also linked below. The updates patch 27 security vulnerabilities.

Security Bulletin:
http://www.adobe.com/support/security/bulletins/apsb13-15.html

Adobe Reader XI (11.0.03):
http://get2.adobe.com/reader/

Adobe Acrobat Pro XI (11.0.03):
http://www.macupdate.com/download/1833/AcrobatUpd11003.dmg

Here are the security vulnerabilities, by CVE, patched by these updates:

These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, CVE-2013-3341).

These updates resolve an integer underflow vulnerability that could lead to code execution (CVE-2013-2549).

These updates resolve a use-after-free vulnerability that could lead to a bypass of Adobe Reader's sandbox protection (CVE-2013-2550). 

These updates resolve an information leakage issue involving a JavaScript API (CVE-2013-2737).

These updates resolve a stack overflow vulnerability that could lead to code execution (CVE-2013-2724).

These updates resolve buffer overflow vulnerabilities that could lead to code execution (CVE-2013-2730, CVE-2013-2733). 

These updates resolve integer overflow vulnerabilities that could lead to code execution (CVE-2013-2727, CVE-2013-2729).

These updates resolve a flaw in the way Reader handles domains that have been blacklisted in the operating system (CVE-2013-3342).

