Adobe warns of Reader X security holes

Adobe warns of Reader X security holes

Summary: Adobe ships patches for flaws that could cause the application to crash and potentially allow an attacker to take control of the affected system.

SHARE:

Adobe's flagship PDF Reader/Acrobat software contains multiple security vulnerabilities that expose computer users to dangerous hacker attacks.

Adobe warned about the vulnerabilities in a security bulletin that contained patches for Windows, Mac OS X and Linux users.

"These updates address vulnerabilities in the software that could cause the application to crash and potentially allow an attacker to take control of the affected system," the company said.

Technical details on these vulnerabilities are not available.  Here's a brief glimpse from Adobe:

  • These updates resolve an integer overflow in the True Type Font (TTF) handling that could lead to code execution (CVE-2012-0774).
  • These updates resolve a memory corruption in the JavaScript handling that could lead to code execution (CVE-2012-0775).
  • These updates resolve a security bypass via the Adobe Reader installer that could lead to code execution (CVE-2012-0776).
  • These updates resolve a memory corruption in the JavaScript API that could lead to code execution (CVE-2012-0777) (Macintosh and Linux only).

The Adobe Reader X (10.1.3) and Adobe Acrobat X (10.1.3) updates also incorporate fixes for security holes in the ever-present Flash Player software.

Topics: Linux, Enterprise Software, Open Source, Operating Systems, Security, Software

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

8 comments
Log in or register to join the discussion
  • Ninite caught the update right away :).

    Ninite caught the update right away :). It's rapidly become one of the top apps I recommend to people.

    Seriously: Keep your apps up to date, especially the ones that use content from the Internet. Keep them, your browsers, and your OS up to date.
    CobraA1
  • someday somehow

    It would be cool if I could spend more time reading pdfs than patching Reader...
    mmckee58
    • I never had that

      ... having to patch the system because of a Adobe PDF Reader.

      Why so glum when there are very capable alternatives out there such as Sumatra and Foxit. It's a fool's game to stay with Adobe PDF Reader, expecting it to somehow, magically become a white knight.

      You're not a glutton for punishment, are you?
      thx-1138_
  • It's nice companies are still bothered to tell the public of problems

    The more people mewl about "Waaah, it's not secure", maybe they will not speak of issues or update things.

    Hey, like I keep reading, "nobody owes anyone anything"... or are there magical exceptions to the rule or something?

    No platform is secure, though it's usually nice to try. I'll give Adobe, Microsoft, and others a relative pass on this. Even if I do gripe from time to time re: security issues.
    HypnoToad72
    • The IT axis of evil

      It's best to avoid the Adobe, Java, Microsoft axis of evil cabal as much as possible.

      Too often these three forms of corporate bloatware are fobbed off on every PC sold here in the United States.
      ScorpioBlack
  • Adobe is lazy???

    Lazy was putting it nicely... Adobe is friggin incompetent...
    i8thecat4
  • Adobe and Oracle are brilliant.

    Adobe's bloatware abominations and the mess from Oracle called Java have become the main source of infections these days. I don't want to install a frigging operating system just to read a PDF. Do people actually download acrobat reader any more? It's been 6-7 years since I used it.
    kraterz
  • At least they discovered it...

    ...and built a patch for it, what more is there to ask for? I'm sure there are infinitely many more holes to be discovered and patched.

    Man-made software can never be made invulnerable to bugs; it only takes some time before a smaller (and harder to discover) bug sneaks into the software, while others are being squashed.
    MrElectrifyer