Adobe fixes 29 flaws in Acrobat, Reader

Critical Adobe flaws could cause the applications to crash, enable an attacker to take full control of a victim's machine.

This Content Component encountered an error
This Content Component encountered an error

Adobe Systems Inc. issued an update Tuesday, repairing nearly 30 flaws identified as critical, as part of its quarterly update. Adobe warned that one flaw is being actively targeted by attackers.
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

Adobe Reader 9.2 and Acrobat 9.2 fix vulnerabilities that if exploited by an attacker, could cause the application to crash or allow an attacker to run malicious code and gain access to critical system files.

The Adobe update fixes errors in Adobe Reader and Acrobat 9.1.3 and Acrobat 8.1.6 for Windows, Macintosh and UNIX. Security vendors have warned that malicious PDF files were targeting an unpatched heap overflow vulnerability.

According to the Adobe October Security Bulletin, the update resolves multiple heap-based buffer overflow conditions, memory corruption issues and input validation errors that could lead to code execution. An input validation issue specific to an ActiveX control could lead to a denial-of-service (DoS) attack, Adobe said.

The update fixes an error with a third party Web download product that Adobe Reader uses, which could be exploited by an attacker to escalate local privileges. A cross-site scripting (XSS) issue has also been addressed in a browser plugin for the Google Chrome and Opera browsers.

Dig deeper on Securing Productivity Applications



Enjoy the benefits of Pro+ membership, learn more and join.



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: