Adobe Systems Inc. issued its quarterly security updates Tuesday, repairing a bevy of serious flaws in Flash Player and in Adobe Reader and Acrobat. The patches also included an Adobe Reader X update, repairing holes in the newly security-tuned PDF viewing software.
The software maker issued Adobe Flash Player 10.2.152.26, repairing more than a dozen critical vulnerabilities. Many of the Flash Player vulnerabilities are memory corruption errors that an attacker could exploit to gain access to a machine and execute code remotely.
Several of the vulnerabilities were reported through VeriSign Inc.'s iDefense Labs, including one of a number of flaws that could be used in drive-by attacks. An attacker can inject malicious code in a webpage to exploit the error and gain the same privileges as the user.
Adobe also addressed critical holes identified in Adobe Shockwave Player 18.104.22.1685 and earlier versions.
In addition, Adobe issued a critical security update, repairing more than two dozen vulnerabilities in its Adobe Reader and Acrobat PDF viewing software. The update affects Adobe Reader X running on Windows and Macintosh, Adobe Reader 9.4.1 and earlier versions for Windows, Macintosh and UNIX, and Adobe Acrobat X and earlier versions for Windows and Macintosh.
"These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system," Adobe said in its advisory.
Adobe Reader and Acrobat X are the company's highly touted applications that are configured to run in a sandbox to isolate the software from running OS processes. The new software makes it more difficult for cybercriminals to pull off a successful attack. The "risk for Adobe Reader X users is significantly lower as none of these issues bypass Protected Mode mitigations," Adobe said.