Adobe has released fixes for Adobe Reader and Acrobat and the critical flaws in its software. The security bulletin released today addresses over 28 vulnerabilities in Adobe Reader and Adobe Acrobat.
For the full advisory update you can go to the Adobe website.
Citing critical vulnerabilities in versions 9.1.3, 8.1.6, and 7.1.3 of Adobe Reader and Acrobat, the company said, “These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.”
One of the issues Adobe’s latest patches will resolve is a heap overflow vulnerability that could allow an attacker to take control of the affected system. This vulnerability has been reported in the past as being exploited in targeted attacks. The update also resolves a memory corruption fix that can lead to a Denial of Service arbitrary code execution.
The company also addressed a vulnerability that could “allow a malicious user to bypass file extension security controls,” which only applied to Acrobat 9.X.
The release also resolves a cross-site scripting issue when the browser plugin is used with Google Chrome and Opera browsers, as addressed in the bulletin.
You can also download the Adobe patches via the links within the advisory bulletin.