Adobe Releases Critical Patch for Acrobat, Reader

December 16, 2011

As expected. Adobe today released a Critical security bulletin [APSB11-30], and patch, for its Reader and Acrobat on Windows, versions 9.x.  This bulletin addresses the recently discovered memory corruption vulnerability [CVE-2011-2462], as well as another flaw [CVE-2011-4369].   It appears that these vulnerabilities are being exploited currently in targeted attacks, via malicious PDF documents.

According to Adobe, the threat is less for Acrobat X and Reader X on Windows (with Protected Mode / Protected View), as well as for versions on Mac OS X and UNIX.  Patches for these versions are to be released in Adobe’s normal quarterly update, scheduled for January 10, 2012.

If you have Reader or Acrobat 9.x installed on your Windows system, I recommend that you upgrade to the new version 9.4.7  as soon as you conveniently can.  Because this software is so widely used, it is an attractive target for the Bad Guys.  You can get the new version via the built-in update mechanism (Help / Check for Updates), or you can download the updates for Reader here, and Acrobat here.  Note that these are packages to update your existing installation, not full installs.

%d bloggers like this: