[Updated 2013-05-21 @8:38 AM: I removed the paragraphs and image regarding a low resolution icon for Adobe Reader. What I had witnessed was, I have discovered, yet another bug in Apple's Finder application. I've witnessed the exact same phenomenon with other newly installed apps. Refreshing or relaunching the Finder removes the problem. Not good Apple! Apologies to Adobe.]
On schedule, Adobe has posted critical security updates of both Acrobat Pro and Reader. The download links are below.
Thankfully, Adobe has (belatedly) provided an updated Security Bulletin as well, which is also linked below. The updates patch 27 security vulnerabilities.
Security Bulletin:
http://www.adobe.com/support/security/bulletins/apsb13-15.html
Adobe Reader XI (11.0.03):
http://get2.adobe.com/reader/
Adobe Acrobat Pro XI (11.0.03):
http://www.macupdate.com/download/1833/AcrobatUpd11003.dmg
Here are the security CVE vulnerabilities patched by these updates:
These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, CVE-2013-3341).
These updates resolve an integer underflow vulnerability that could lead to code execution (CVE-2013-2549).
These updates resolve a use-after-free vulnerability that could lead to a bypass of Adobe Reader's sandbox protection (CVE-2013-2550).
These updates resolve an information leakage issue involving a Javascript API (CVE-2013-2737).
These updates resolve a stack overflow vulnerability that could lead to code execution (CVE-2013-2724).
These updates resolve buffer overflow vulnerabilities that could lead to code execution (CVE-2013-2730, CVE-2013-2733).
These updates resolve integer overflow vulnerabilities that could lead to code execution (CVE-2013-2727, CVE-2013-2729).
These updates resolve a flaw in the way Reader handles domains that have been blacklisted in the operating system (CVE-2013-3342).
--
No comments:
Post a Comment