Adobe has released its quarterly batch of security updates, and issued a new Security Bulletin [APSB12-01] for its Reader and Acrobat products on Mac OS X and Windows; an update for the Linux version is also available. Adobe categorizes these as Critical updates; they resolve four different memory corruption vulnerabilities, any of which could be exploited to execute arbitrary code. The following versions of the software are affected (Linux users, see below):
- Adobe Reader X (10.1.1) and earlier 10.x versions for Windows and Macintosh
- Adobe Reader 9.4.7 and earlier 9.x versions for Windows
- Adobe Reader 9.4.6 and earlier 9.x versions for Macintosh
- Adobe Acrobat X (10.1.1) and earlier 10.x versions for Windows and Macintosh
- Adobe Acrobat 9.4.7 and earlier 9.x versions for Windows
- Adobe Acrobat 9.4.6 and earlier 9.x versions for Macintosh
This update also includes the Adobe Flash Player update noted in Security Bulletin [APSB11-28], and patches for the earlier vulnerabilities (CVE-2011-2462 and CVE-2011-4369) identified in Security Bulletin [APSB11-30]. Patches for the latter vulnerabilities were released for versions 9.x of Reader and Acrobat for Windows at that time. That Security Bulletin has been revised (today) to include a recommendation that Linux users of Reader upgrade to version 9.4.7, which is available from Adobe’s FTP site.
Because Reader, especially, is widely installed on multiple platforms, it is a tempting target for the Bad Guys. I recommend that you update your systems as soon as you conveniently can. For either Reader or Acrobat, you can get the new version via the built-in update mechanism (Help / Check for Updates). Alternatively, you can get the new version 9.5 for Windows here, and for Mac OS X here. Download links for Acrobat are in the Security Bulletin [APSB12-01].