Adobe fixes 29 flaws in Acrobat, Reader

Critical Adobe flaws could cause the applications to crash, enable an attacker to take full control of a victim's machine.

Adobe Systems Inc. issued an update Tuesday, repairing nearly 30 flaws identified as critical, as part of its quarterly update. Adobe warned that one flaw is being actively targeted by attackers.

SearchSecurity.com:
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

Adobe Reader 9.2 and Acrobat 9.2 fix vulnerabilities that if exploited by an attacker, could cause the application to crash or allow an attacker to run malicious code and gain access to critical system files.

The Adobe update fixes errors in Adobe Reader and Acrobat 9.1.3 and Acrobat 8.1.6 for Windows, Macintosh and UNIX. Security vendors have warned that malicious PDF files were targeting an unpatched heap overflow vulnerability.

According to the Adobe October Security Bulletin, the update resolves multiple heap-based buffer overflow conditions, memory corruption issues and input validation errors that could lead to code execution. An input validation issue specific to an ActiveX control could lead to a denial-of-service (DoS) attack, Adobe said.

The update fixes an error with a third party Web download product that Adobe Reader uses, which could be exploited by an attacker to escalate local privileges. A cross-site scripting (XSS) issue has also been addressed in a browser plugin for the Google Chrome and Opera browsers.

Dig deeper on Securing Productivity Applications

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close