Adobe Security Updates, January 2012

Adobe has released its quarterly batch of security updates, and issued a new Security Bulletin [APSB12-01] for its Reader and Acrobat products on Mac OS X and WIndows; an update for the Linux version is also available.  Adobe categorizes these as Critical updates; they resolve four different memory corruption vulnerabilities, any of which could be exploited to execute arbitrary code.  The following versions of the software are affected (Linux users, see below):

  • Adobe Reader X (10.1.1) and earlier 10.x versions for Windows and Macintosh
  • Adobe Reader 9.4.7 and earlier 9.x versions for Windows
  • Adobe Reader 9.4.6 and earlier 9.x versions for Macintosh
  • Adobe Acrobat X (10.1.1) and earlier 10.x versions for Windows and Macintosh
  • Adobe Acrobat 9.4.7 and earlier 9.x versions for Windows
  • Adobe Acrobat 9.4.6 and earlier 9.x versions for Macintosh

This update also includes  the Adobe Flash Player update noted in Security Bulletin [APSB11-28], and patches for the earlier vulnerabilities (CVE-2011-2462 and CVE-2011-4369) identified in  Security Bulletin [APSB11-30].  Patches for the latter vulnerabilities were released for versions 9.x of Reader and Acrobat for Windows at that time.  That Security Bulletin has been revised (today) to include a recommendation that Linux users of Reader upgrade to version 9.4.7, which is available from Adobe’s FTP site.

Because Reader, especially, is widely installed on multiple platforms, it is a tempting target for the Bad Guys.  I recommend that you update your systems as soon as you conveniently can.  For either Reader or Acrobat, you can get the new version via the built-in update mechanism (Help / Check for Updates).  Alternatively,, you can get the new version 9.5 for Windows here, and for Mac OS X here.  Download links for Acrobat are in the Security Bulletin [APSB12-01].

Comments are closed.

%d bloggers like this: