Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Delayed Adobe Reader and Acrobat Security Updates Fix 9 Vulnerabilities

Adobe released security updates on Tuesday for Adobe Reader and Acrobat. The updates, originally set to be released last week, had been delayed due to issues identified during regression testing.

Adobe released security updates on Tuesday for Adobe Reader and Acrobat. The updates, originally set to be released last week, had been delayed due to issues identified during regression testing.

 Adobe Reader and Acrobat 11.0.09 for Windows and Mac address a total of nine vulnerabilities which have been assigned the following CVE identifiers: CVE-2014-0560, CVE-2014-0561, CVE-2014-0562, CVE-2014-0563, CVE-2014-0565, CVE-2014-0566, CVE-2014-0567 and CVE-2014-0568.

“These updates address vulnerabilities that could potentially allow an attacker to take over the affected system,” Adobe said in its advisory.

Wei Lei and Wu Hongjun of the Nanyang Technological University in Singapore have reported a use-after-free vulnerability that could be leveraged for arbitrary code execution (CVE-2014-0560). The two experts have also reported a couple of memory corruption bugs that could lead to code execution (CVE-2014-0565, CVE-2014-0566), and a potential denial-of-service (DoS) vulnerability related to memory corruption (CVE-2014-0563).

Frans Rosen of Detectify has reported a universal cross-site scripting (UXSS) flaw affecting the Mac versions of Reader and Acrobat (CVE-2014-0562). Heap overflow vulnerabilities that could lead to code execution (CVE-2014-0561, CVE-2014-0567) have been disclosed by Tom Ferris and an anonymous researcher through HP’s Zero Day Initiative.

James Forshaw of Google’s Project Zero uncovered a sandbox bypass flaw that could be exploited to run native code with escalated privileges on Windows (CVE-2014-0568).

The vulnerabilities are considered critical, which indicates that they allow malicious native-code to execute, potentially without a user being aware. The issues have been assigned a priority rating of 1, which means that they are either targeted, or they have a high risk of being targeted, by exploits in the wild.

Adobe did not warn about the security holes being exploited in the wild, but advises users of Adobe Reader and Acrobat 11.0.08 and earlier to update to version 11.0.09. For users of Adobe Reader and Acrobat 10.1.11 and earlier who can’t update their installations to version 11, the company has made available version 10.1.12.

Advertisement. Scroll to continue reading.

 

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Defense contractor Nightwing has appointed Tricia Fitzmaurice as Chief Growth Officer.

Xage Security has appointed Russell McGuire as CRO and Ashraf Daqqa as VP of the META region.

Mario Duarte, formerly head of security at Snowflake, has joined Aembit as CISO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.