Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Delayed Adobe Reader and Acrobat Security Updates Fix 9 Vulnerabilities

Adobe released security updates on Tuesday for Adobe Reader and Acrobat. The updates, originally set to be released last week, had been delayed due to issues identified during regression testing.

Adobe released security updates on Tuesday for Adobe Reader and Acrobat. The updates, originally set to be released last week, had been delayed due to issues identified during regression testing.

 Adobe Reader and Acrobat 11.0.09 for Windows and Mac address a total of nine vulnerabilities which have been assigned the following CVE identifiers: CVE-2014-0560, CVE-2014-0561, CVE-2014-0562, CVE-2014-0563, CVE-2014-0565, CVE-2014-0566, CVE-2014-0567 and CVE-2014-0568.

“These updates address vulnerabilities that could potentially allow an attacker to take over the affected system,” Adobe said in its advisory.

Wei Lei and Wu Hongjun of the Nanyang Technological University in Singapore have reported a use-after-free vulnerability that could be leveraged for arbitrary code execution (CVE-2014-0560). The two experts have also reported a couple of memory corruption bugs that could lead to code execution (CVE-2014-0565, CVE-2014-0566), and a potential denial-of-service (DoS) vulnerability related to memory corruption (CVE-2014-0563).

Frans Rosen of Detectify has reported a universal cross-site scripting (UXSS) flaw affecting the Mac versions of Reader and Acrobat (CVE-2014-0562). Heap overflow vulnerabilities that could lead to code execution (CVE-2014-0561, CVE-2014-0567) have been disclosed by Tom Ferris and an anonymous researcher through HP’s Zero Day Initiative.

James Forshaw of Google’s Project Zero uncovered a sandbox bypass flaw that could be exploited to run native code with escalated privileges on Windows (CVE-2014-0568).

The vulnerabilities are considered critical, which indicates that they allow malicious native-code to execute, potentially without a user being aware. The issues have been assigned a priority rating of 1, which means that they are either targeted, or they have a high risk of being targeted, by exploits in the wild.

Adobe did not warn about the security holes being exploited in the wild, but advises users of Adobe Reader and Acrobat 11.0.08 and earlier to update to version 11.0.09. For users of Adobe Reader and Acrobat 10.1.11 and earlier who can’t update their installations to version 11, the company has made available version 10.1.12.

 

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Vulnerabilities

Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Vulnerabilities

Several vulnerabilities have been patched in OpenText’s enterprise content management (ECM) product.