ie8 fix
madison

Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev
Home / News & Blogs / Zero Day

Adobe heads-up: Critical Reader/Acrobat patches on deck

By | January 6, 2012, 10:36am PST

Summary: This latest batch of security vulnerabilities are rated “critical” and will be available for Windows and Mac OS X users.

Adobe will join Microsoft on Patch Tuesday next week with fixes for gaping holes in the Reader X and Acrobat X software products.

According to an advance notice from Adobe, the updates are rated “critical” and will be available for Windows and Mac OS X users.

“These updates will include fixes for CVE-2011-2462 and CVE-2011-4369, previously addressed in Adobe Reader and Acrobat 9.x for Windows as referenced in Security Bulletin APSB11-30, the company said.

Affected software:

  • Adobe Reader X (10.1.1) and earlier 10.x versions for Windows and Macintosh
  • Adobe Reader 9.4.7 and earlier 9.x versions for Windows
  • Adobe Reader 9.4.6 and earlier 9.x versions for Macintosh
  • Adobe Acrobat X (10.1.1) and earlier 10.x versions for Windows and Macintosh
  • Adobe Acrobat 9.4.7 and earlier 9.x versions for Windows
  • Adobe Acrobat 9.4.6 and earlier 9.x versions for Macintosh
Adobe expects to make these updates available on Tuesday, January 10, 2012.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Zero Day”

Topics

Adobe Systems Inc., Apple Macintosh, Patch Management, Microsoft Windows, Desktops, Operating Systems, Software, Hardware, Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues.

Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a member of the global research and analysis team. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

8
Comments
Add Your Opinion

Join the conversation!

Just In

RE: Adobe heads-up: Critical Reader/Acrobat patches on deck
Agnostic_OS 8th Jan
I am amazed by how many apologist there are for this disreputable company.
If we were talking about vehicles, and were a company made a seeming innocuous add-on to make you driving better but actually randomly unlocked the doors and gave the gas away, then someone would be in court and losing money.
If that company imperiled peoples livelihood they should pay.
If that company nearly caused the destruction of a profitable employer they should pay.
Adobe sails on, thumbing its nose at all the chaos its crapware has inflicted on some user. No apology, nothing!
Just some more notices that sometime in the future they might be fixing something "critical".
Does that sound like they are serious about your security - I think not!
View in thread
0 Votes
+ -
Seriously, is there a month without a Security alert of Adobe products?
RelaxWalk 6th Jan
This now becomes really tiring. The simplest would be to never use Acrobat Reader at all. Fortunately Adobe didn't create something as complex as an OS or .NET, otherwise there would be 100 security alerts per second.
0 Votes
+ -
You'd be even more upset
klumper Updated - 6th Jan
@RelaxWalk

If you got rooted or exploited per one of their products. Security is an ongoing process, and Adobe is simply doing their part to stay above the din, like other targeted platforms. It's not a step backwards, indeed just the opposite. Better they take their vulnerabilities seriously than not at all.

It's like shades of your mama dispensing that unpleasant spoonful of medicine when you were young. You resisted it, whined about it, but somehow once you got it down it seemed to make things better afterward. O P E N. W I D E. N O W.
0 Votes
+ -
RE: Adobe heads-up: Critical Reader/Acrobat patches on deck
Agnostic_OS 6th Jan
Adobe: simple sun-dried clay-mud bricks, or buildings made of this material.
Note -
Not recommended for areas of high security, critical heavy usage, or harsh weather.

Adobe software - see note above.
0 Votes
+ -
RE: Adobe heads-up: Critical Reader/Acrobat patches on deck
Rabid Howler Monkey 7th Jan
@Agnostic_OS You are, indeed, a harsh agnostic. Adobe has hardened it's Reader/Acrobat products with sandboxing. Like Microsoft, they put their legacy software in a sandbox. Download the 'X' version and it will, at least, be less insecure.

There are also plenty of alternate PDF products (e.g., Foxit Software). However, sometimes the alternatives are subject to the same vulnerabilities as Adobe's software. The embedded executable is one recent example. This points directly to the PDF document standard, which Adobe pretty much owns.

Non-standard PDF software is much more safe and secure. However, depending on the content of a given PDF document, it may not render at all or may render poorly.
0 Votes
+ -
RE: Adobe heads-up: Critical Reader/Acrobat patches on deck
Agnostic_OS Updated - 7th Jan
@Rabid Howler Monkey
As Adobe has over the years been one of the most useful keys for criminal hacking scum to rape $millions from so many people, IMHO everyone should feel offended when this slack, lazy, rich company reveals, yet again, that it's software is at fault.
Tell me how do ordinary folks get their money back from Adobe when Adobe software most probably unlocked their system to the criminals?
0 Votes
+ -
RE: Adobe heads-up: Critical Reader/Acrobat patches on deck
Rabid Howler Monkey Updated - 8th Jan
@Agnostic_OS Well, Adobe is in good company with Sun Microsystem's (now Oracle's) Java. Least-privilege (including discretionary access controls), keeping one's system/apps up-to-date and AV/AS/AM software don't cut it anymore, especially on highly-targeted platforms such as the Windows desktop and Windows/Linux servers.

Java now plays in the same league as Adobe Reader and Flash Player. Adobe, however, has worked closely with both Microsoft and Google to sandbox Flash Player with IE and Chrome, respectively. And, as I stated above, now provides the 'X' edition for Adobe Reader/Acrobat.

The AV/AS/AM companies signature-based products struggle to keep up with the malware miscreants. New variants of the ZeuS trojan, for example, seem to bypass signature-based software at will. In addition, ZeuS currently runs happily in a non-privileged account.

Btw, an interesting piece regarding malware (it's not getting any easier):

https://www.icsalabs.com/blogs/when-ages-and-revolutions-converge

Finally, as for ISV liability to users adversely impacted by malware, I have no clue why it has not followed liability in the transportation, health care, food and other industries.

P.S. Am not an Adobe employee, supporter or (even) user.

Edit: Changed "mandatory access controls" to "discretionary access controls".
0 Votes
+ -
Be careful what you wish for
klumper Updated - 7th Jan
@Agnostic_OS
IMHO everyone should feel offended when this slack, lazy, rich company reveals, yet again, that it's software is at fault.

Some of what you say carries substance, but the last thing you want is Adobe to return to those lazy hazy days of the past where they didn't take security seriously enough. Amazing the faults that can be found when you become the targeted. Just ask Microsoft.

PS. RHM: Excellent read from Roger Thompson. Thanks for posting it.
0 Votes
+ -
RE: Adobe heads-up: Critical Reader/Acrobat patches on deck
Agnostic_OS 8th Jan
I am amazed by how many apologist there are for this disreputable company.
If we were talking about vehicles, and were a company made a seeming innocuous add-on to make you driving better but actually randomly unlocked the doors and gave the gas away, then someone would be in court and losing money.
If that company imperiled peoples livelihood they should pay.
If that company nearly caused the destruction of a profitable employer they should pay.
Adobe sails on, thumbing its nose at all the chaos its crapware has inflicted on some user. No apology, nothing!
Just some more notices that sometime in the future they might be fixing something "critical".
Does that sound like they are serious about your security - I think not!

Join the conversation!

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
ie8 fix
Click Here
ie8 fix

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
ie8 fix
ie8 fix