Adobe heads-up: Critical Reader/Acrobat patches on deck

Summary: This latest batch of security updates is rated "critical" and will be available for Windows and Mac OS X users.

Adobe will join Microsoft on Patch Tuesday next week with fixes for gaping holes in the Reader X and Acrobat X software products.

According to an advance notice from Adobe, the updates are rated "critical" and will be available for Windows and Mac OS X users.

"These updates will include fixes for CVE-2011-2462 and CVE-2011-4369, previously addressed in Adobe Reader and Acrobat 9.x for Windows as referenced in Security Bulletin APSB11-30," the company said.

Affected software:

  • Adobe Reader X (10.1.1) and earlier 10.x versions for Windows and Macintosh
  • Adobe Reader 9.4.7 and earlier 9.x versions for Windows
  • Adobe Reader 9.4.6 and earlier 9.x versions for Macintosh
  • Adobe Acrobat X (10.1.1) and earlier 10.x versions for Windows and Macintosh
  • Adobe Acrobat 9.4.7 and earlier 9.x versions for Windows
  • Adobe Acrobat 9.4.6 and earlier 9.x versions for Macintosh

Adobe expects to make these updates available on Tuesday, January 10, 2012.

Talkback

8 comments
  • Seriously, is there a month without a Security alert of Adobe products?

    This now becomes really tiring. The simplest would be to never use Acrobat Reader at all. Fortunately Adobe didn't create something as complex as an OS or .NET, otherwise there would be 100 security alerts per second.
    RelaxWalk
    • You'd be even more upset

      @RelaxWalk If you got rooted or exploited per one of their products. Security is an ongoing process, and Adobe is simply doing their part to stay above the din, like other targeted platforms. It's not a step backwards, indeed just the opposite. Better they take their vulnerabilities seriously than not at all.

      It's like shades of your mama dispensing that unpleasant spoonful of medicine when you were young. You resisted it, whined about it, but somehow once you got it down it seemed to make things better afterward. O P E N. W I D E. N O W.
      klumper
  • RE: Adobe heads-up: Critical Reader/Acrobat patches on deck

    Adobe: simple sun-dried clay-mud bricks, or buildings made of this material.
    Note -
    Not recommended for areas of high security, critical heavy usage, or harsh weather.

    Adobe software - see note above.
    Agnostic_OS
    • RE: Adobe heads-up: Critical Reader/Acrobat patches on deck

      @Agnostic_OS You are, indeed, a harsh agnostic. Adobe has hardened its Reader/Acrobat products with sandboxing. Like Microsoft, they put their legacy software in a sandbox. Download the 'X' version and it will, at least, be less insecure.

      There are also plenty of alternate PDF products (e.g., Foxit Software). However, sometimes the alternatives are subject to the same vulnerabilities as Adobe's software. The embedded executable is one recent example. This points directly to the PDF document standard, which Adobe pretty much owns.

      Non-standard PDF software is much more safe and secure. However, depending on the content of a given PDF document, it may not render at all or may render poorly.
      Rabid Howler Monkey
      • RE: Adobe heads-up: Critical Reader/Acrobat patches on deck

        @Rabid Howler Monkey As Adobe has over the years been one of the most useful keys for criminal hacking scum to rape $millions from so many people, IMHO everyone should feel offended when this slack, lazy, rich company reveals, yet again, that its software is at fault.
        Tell me how do ordinary folks get their money back from Adobe when Adobe software most probably unlocked their system to the criminals?
        Agnostic_OS
      • RE: Adobe heads-up: Critical Reader/Acrobat patches on deck

        @Agnostic_OS Well, Adobe is in good company with Sun Microsystems' (now Oracle's) Java. Least-privilege (including discretionary access controls), keeping one's system/apps up-to-date and AV/AS/AM software don't cut it anymore, especially on highly-targeted platforms such as the Windows desktop and Windows/Linux servers.

        Java now plays in the same league as Adobe Reader and Flash Player. Adobe, however, has worked closely with both Microsoft and Google to sandbox Flash Player with IE and Chrome, respectively. And, as I stated above, now provides the 'X' edition for Adobe Reader/Acrobat.

        The AV/AS/AM companies' signature-based products struggle to keep up with the malware miscreants. New variants of the ZeuS trojan, for example, seem to bypass signature-based software at will. In addition, ZeuS currently runs happily in a non-privileged account.

        Btw, an interesting piece regarding malware (it's not getting any easier):

        https://www.icsalabs.com/blogs/when-ages-and-revolutions-converge

        Finally, as for ISV liability to users adversely impacted by malware, I have no clue why it has not followed liability in the transportation, health care, food and other industries.

        P.S. Am not an Adobe employee, supporter or (even) user.

        Edit: Changed "mandatory access controls" to "discretionary access controls".
        Rabid Howler Monkey
      • Be careful what you wish for

        @Agnostic_OS
        "IMHO everyone should feel offended when this slack, lazy, rich company reveals, yet again, that its software is at fault."

        Some of what you say carries substance, but the last thing you want is Adobe to return to those lazy hazy days of the past where they didn't take security seriously enough. Amazing the faults that can be found when you become the targeted. Just ask Microsoft.

        PS. RHM: Excellent read from Roger Thompson. Thanks for posting it.
        klumper
  • RE: Adobe heads-up: Critical Reader/Acrobat patches on deck

    I am amazed by how many apologists there are for this disreputable company.
    If we were talking about vehicles, and where a company made a seemingly innocuous add-on to make your driving better but actually randomly unlocked the doors and gave the gas away, then someone would be in court and losing money.
    If that company imperiled people's livelihood they should pay.
    If that company nearly caused the destruction of a profitable employer they should pay.
    Adobe sails on, thumbing its nose at all the chaos its crapware has inflicted on some users. No apology, nothing!
    Just some more notices that sometime in the future they might be fixing something "critical".
    Does that sound like they are serious about your security - I think not!
    Agnostic_OS