As expected, Adobe today released new versions of its Acrobat and Reader software for Windows, Mac OS X, and Linux. These address two critical security vulnerabilities (one a memory corruption problem, the other a buffer overflow) that, if exploited, might give an attacker control over your system. According to Adobe’s Security Bulletin [APSB13-07], the following versions of the software are vulnerable:
- Adobe Reader XI (11.0.01 and earlier) for Windows and Macintosh
- Adobe Reader X (10.1.5 and earlier) for Windows and Macintosh
- Adobe Reader 9.5.3 and earlier 9.x versions for Windows, Macintosh and Linux
- Adobe Acrobat XI (11.0.01 and earlier) for Windows and Macintosh
- Adobe Acrobat X (10.1.5 and earlier) for Windows and Macintosh
- Adobe Acrobat 9.5.3 and earlier 9.x versions for Windows and Macintosh
There is some evidence that these vulnerabilities are currently being exploited, primarily via e-mails that attempt to trick the user into opening a malicious PDF document.
Because the updates address a couple of serious vulnerabilities, I suggest that you update your systems as soon as you conveniently can. For Reader, Windows and Mac OS X users can get the new version via the update mechanism built into the software (Help -> Check for Updates). Alternatively, you can download update packages from these links:
Linux users can retrieve the new version, via FTP, from this link.
Please check the Security Bulletin for Acrobat update links.