About 13 critical vulnerabilities have been patched in Adobe Reader and Acrobat
Adobe has released new security updates for its Adobe Reader and Adobe Acrobat products. The update patches 13 critical bugs in Reader 9.1.1 and Acrobat 9.1.1 and earlier versions. The bugs would crash both applications and make the system vulnerable. Everybody using Reader and Acrobat needs to update the respective software to version 9.1.2 for Windows and Mac systems from the links listed here.
Adobe's security bulletin also acknowledges that several publicly undocumented security bugs have been patched with these updates. The updates are available only for Windows and Mac users for now, while users of the UNIX-based Reader and Acrobat will have to wait until June 16.
This update (CVE-2009-1855) resolves the stack overflow bug that opens up code execution potential. An integer overflow leading to a Denial of Service attack or code execution has been fixed. Quite a few memory corruption vulnerabilities, in the JBIG2 filter and elsewhere, that lead to arbitrary code execution or Denial of Service attacks have been fixed. Additionally, multiple heap overflow vulnerabilities leading to code execution have been fixed.
Adobe is now providing updates on a quarterly basis, and the next update can be expected on Sept. 8, unless some severe flaw is reported.