1 reply to this topic

[Chachazz]

Security Advisory for Adobe Reader and Acrobat
Release date: April 5, 2012
Vulnerability identifier: APSB12-08

Adobe is planning to release security updates for Adobe Reader X (10.1.2) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.6 and earlier 9.x versions for Linux, and Adobe Acrobat X (10.1.2) and earlier versions for Windows and Macintosh on Tuesday, April 10, 2012.

Users may monitor the latest information on the Adobe Product Security Incident Response Team blog at http://blogs.adobe.com/psirt or by subscribing to the RSS feed at http://blogs.adobe.com/psirt/atom.xml.

(Note: This Security Advisory will be replaced with the Security Bulletin upon release of the updates on Tuesday, April 10, 2012.)


Affected software versions

• Adobe Reader X (10.1.2) and earlier 10.x versions for Windows and Macintosh
• Adobe Reader 9.5 and earlier 9.x versions for Windows and Macintosh
• Adobe Reader 9.4.6 and earlier 9.x versions for Linux
• Adobe Acrobat X (10.1.2) and earlier 10.x versions for Windows and Macintosh
• Adobe Acrobat 9.5 and earlier 9.x versions for Windows and Macintosh

http://www.adobe.com/support/security/bulletins/apsb12-08.html

[Chachazz]

Security updates available for Adobe Reader and Acrobat
Release date: April 10, 2012

Adobe released security updates for Adobe Reader X (10.1.2) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.6 and earlier 9.x versions for Linux, and Adobe Acrobat X (10.1.2) and earlier versions for Windows and Macintosh. These updates address vulnerabilities in the software that could cause the application to crash and potentially allow an attacker to take control of the affected system.

Review the Security Bulletin and get download links here: http://www.adobe.com.../apsb12-08.html

Adobe recommends users of Adobe Reader X (10.1.2) and earlier versions for Windows and Macintosh update to Adobe Reader X (10.1.3). For users of Adobe Reader 9.5 and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader X (10.1.3), Adobe has made available the update Adobe Reader 9.5.1. Adobe recommends users of Adobe Reader 9.4.6 and earlier versions for Linux update to Adobe Reader 9.5.1. Adobe recommends users of Adobe Acrobat X (10.1.2) for Windows and Macintosh update to Adobe Acrobat X (10.1.3). Adobe recommends users of Adobe Acrobat 9.5 and earlier versions for Windows and Macintosh update to Adobe Acrobat 9.5.1.

Affected software versions

• Adobe Reader X (10.1.2) and earlier 10.x versions for Windows and Macintosh
• Adobe Reader 9.5 and earlier 9.x versions for Windows and Macintosh
• Adobe Reader 9.4.6 and earlier 9.x versions for Linux
• Adobe Acrobat X (10.1.2) and earlier 10.x versions for Windows and Macintosh
• Adobe Acrobat 9.5 and earlier 9.x versions for Windows and Macintosh

Security issues addressed:

• These updates resolve an integer overflow in the True Type Font (TTF) handling that could lead to code execution (CVE-2012-0774).
• These updates resolve a memory corruption in the JavaScript handling that could lead to code execution (CVE-2012-0775).
• These updates resolve a security bypass via the Adobe Reader installer that could lead to code execution (CVE-2012-0776).
• These updates resolve a memory corruption in the JavaScript API that could lead to code execution (CVE-2012-0777) (Macintosh and Linux only).
• The Adobe Reader X (10.1.3) and Adobe Acrobat X (10.1.3) updates also incorporate the Adobe Flash Player updates as noted in Security Bulletins APSB12-03, APSB12-05 and APSB12-07.

For additional information related to Adobe Reader and Acrobat 9.5.1 changes impacting the authplay.dll component, please refer to the ASSET blog post.