Adobe plugs critical Reader X security holes

Adobe fixes six serious vulnerabilities that expose Windows and Mac OS X users to malicious hacker attacks.

Adobe has shipped a critical Reader X update to fix at least six security flaws that expose Windows and Mac OS X users to hacker attacks.

"These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system," Adobe warned in an advisory.

The skinny:

  • These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2011-4370).
  • These updates resolve a heap corruption vulnerability that could lead to code execution (CVE-2011-4371).
  • These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2011-4372).
  • These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2011-4373).
  • These updates include fixes for CVE-2011-2462 and CVE-2011-4369, previously addressed in Adobe Reader and Acrobat 9.x for Windows as referenced in Security Bulletin APSB11-30.

Adobe said this batch of patches also incorporate the Flash Player update released last November.

Windows and Mac users are urged to upgrade to Adobe Reader X (10.1.2) immediately.