Adobe patches critical Flash, Reader and Acrobat vulnerabilities

Adobe patches critical Flash, Reader and Acrobat vulnerabilities

Summary: The patches deal with two critical vulnerabilities that let attackers take remote control of computers or execute malicious code, among others


Adobe has patched critical vulnerabilities in its Flash Player, Reader and Acrobat software products that let attackers take control of Windows systems and execute malicious code.

Adobe published security updates for the critical vulnerabilities on Tuesday. The most severe vulnerability, CVE-2012-1535, affects Adobe Flash Player 11.3.300.270 for Windows, Macintosh and Linux, and its earlier versions. It allows attackers to remotely control a computer and is being exploited in the wild in "limited targeted attacks", Adobe said in a security advisory.

The vulnerability is being distributed via malicious Microsoft Word documents and targets the ActiveX version of Flash Player for Internet Explorer on Windows systems. Adobe did not specify which version(s) of IE the exploit affects.

The company recommends Windows and Macintosh users should update Adobe Flash Player to version 11.3.300.271, Linux users should upgrade to and Google Chrome users need not worry as the software updates automatically. 

Along with this, Adobe issued a critical security update for its Reader and Acrobat software to fix a set of vulnerabilities that could let attackers execute malicious code. However, it did not indicate that this vulnerability was being used in targeted attacks. 

Windows and Macintosh users of Adobe Reader X 10.1.3 should upgrade to 10.1.4, while those on Adobe Reader 9.5.1 and unable to update to Adobe Reader X can upgrade to Reader 9.5.2. 

Macintosh and Windows users of Adobe Acrobat X 10.1.3 should move to 10.1.4. Finally, Windows and Macintosh users of Adobe Acrobat 9.5.1 should upgrade to 9.5.2.

Adobe also released an update for Adobe Shockwave Player to deal with a vulnerability that could allow remote code execution on the system. The company recommends that users of Adobe Shockwave Player update to the newest version,

Adobe warned users of the vulnerabilities on 9 August

Topics: Security, Enterprise Software

Jack Clark

About Jack Clark

Currently a reporter for ZDNet UK, I previously worked as a technology researcher and reporter for a London-based news agency.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to start the discussion