Adobe Security Updates, January 2012

January 10, 2012

Adobe has released its quarterly batch of security updates, and issued a new Security Bulletin [APSB12-01] for its Reader and Acrobat products on Mac OS X and Windows; an update for the Linux version is also available.  Adobe categorizes these as Critical updates; they resolve four different memory corruption vulnerabilities, any of which could be exploited to execute arbitrary code.  The following versions of the software are affected (Linux users, see below):

  • Adobe Reader X (10.1.1) and earlier 10.x versions for Windows and Macintosh
  • Adobe Reader 9.4.7 and earlier 9.x versions for Windows
  • Adobe Reader 9.4.6 and earlier 9.x versions for Macintosh
  • Adobe Acrobat X (10.1.1) and earlier 10.x versions for Windows and Macintosh
  • Adobe Acrobat 9.4.7 and earlier 9.x versions for Windows
  • Adobe Acrobat 9.4.6 and earlier 9.x versions for Macintosh

This update also includes the Adobe Flash Player update noted in Security Bulletin [APSB11-28], and patches for the earlier vulnerabilities (CVE-2011-2462 and CVE-2011-4369) identified in Security Bulletin [APSB11-30].  Patches for the latter vulnerabilities were released for versions 9.x of Reader and Acrobat for Windows at that time.  That Security Bulletin has been revised (today) to include a recommendation that Linux users of Reader upgrade to version 9.4.7, which is available from Adobe’s FTP site.

Because Reader, especially, is widely installed on multiple platforms, it is a tempting target for the Bad Guys.  I recommend that you update your systems as soon as you conveniently can.  For either Reader or Acrobat, you can get the new version via the built-in update mechanism (Help / Check for Updates).  Alternatively, you can get the new version 9.5 for Windows here, and for Mac OS X here.  Download links for Acrobat are in the Security Bulletin [APSB12-01].


Microsoft Patch Tuesday, January 2012

January 10, 2012

Today is the second Tuesday of January, so, in keeping with its usual schedule, Microsoft has released this month’s batch of security bulletins and patches for Windows and related software.  This month, there are seven patches, for eight identified vulnerabilities.  Six of the patches are for Windows itself; all supported versions of Windows are affected.  One of the patches has a maximum severity rating of Critical; the other five Windows patches are rated Important.  For a breakdown of patches by version and severity, check this month’s preview post.

The remaining patch, rated Important, is for Microsoft’s developer tools, specifically Microsoft Anti-Cross Site Scripting Library V3.x and V4.0.

Further details, and download links, are in the Security Bulletin Summary for January 2012.  Microsoft says that four of the patch installations will definitely require a system restart, and the others may require one, depending on the configuration of your system.

As always, I recommend that you update your systems as soon as you conveniently can.

Update Tuesday, 10 January, 15:48 EST

The folks over at the SANS Internet Storm Center have posted their customary monthly summary of Microsoft’s patches, along with their estimate of the severity of the flaws patched.

