Adobe warns of Reader X security holes
Summary: Adobe ships patches for flaws that could cause the application to crash and potentially allow an attacker to take control of the affected system.
Adobe's flagship PDF Reader/Acrobat software contains multiple security vulnerabilities that expose computer users to dangerous hacker attacks.
Adobe warned about the vulnerabilities in a security bulletin that contained patches for Windows, Mac OS X and Linux users.
"These updates address vulnerabilities in the software that could cause the application to crash and potentially allow an attacker to take control of the affected system," the company said.
Technical details on these vulnerabilities are not available. Here's a brief glimpse from Adobe:
- These updates resolve an integer overflow in the True Type Font (TTF) handling that could lead to code execution (CVE-2012-0774).
- These updates resolve a memory corruption in the JavaScript handling that could lead to code execution (CVE-2012-0775).
- These updates resolve a security bypass via the Adobe Reader installer that could lead to code execution (CVE-2012-0776).
- These updates resolve a memory corruption in the JavaScript API that could lead to code execution (CVE-2012-0777) (Macintosh and Linux only).
The Adobe Reader X (10.1.3) and Adobe Acrobat X (10.1.3) updates also incorporate fixes for security holes in the ever-present Flash Player software.
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
Ninite caught the update right away :).
Seriously: Keep your apps up to date, especially the ones that use content from the Internet. Keep them, your browsers, and your OS up to date.
someday somehow
I never had that
Why so glum when there are very capable alternatives out there such as Sumatra and Foxit. It's a fool's game to stay with Adobe PDF Reader, expecting it to somehow, magically become a white knight.
You're not a glutton for punishment, are you?
It's nice companies are still bothered to tell the public of problems
Hey, like I keep reading, "nobody owes anyone anything"... or are there magical exceptions to the rule or something?
No platform is secure, though it's usually nice to try. I'll give Adobe, Microsoft, and others a relative pass on this. Even if I do gripe from time to time re: security issues.
The IT axis of evil
Too often these three forms of corporate bloatware are fobbed off on every PC sold here in the United States.
Adobe is lazy???
Adobe and Oracle are brilliant.
At least they discovered it...
Man-made software can never be made invulnerable to bugs; it only takes some time before a smaller (and harder to discover) bug sneaks into the software, while others are being squashed.