Menu
Users should patch critical flaw in Adobe Reader and Acrobat, researchers say

Users should patch critical flaw in Adobe Reader and Acrobat, researchers say

Adobe also releases critical updates for Flash Player and AIR

Adobe Systems has released security patches for its Flash Player, Reader and Acrobat products, addressing a total of eight vulnerabilities, including one that is being exploited by attackers.

The actively exploited flaw affects Adobe Reader and was found by researchers from antivirus vendor Kaspersky Lab. The flaw was being used in isolated attacks, they said.

"At the moment, we are not providing any details on these attacks as the investigation is still ongoing," said Costin Raiu, director of Kaspersky's global research and analysis team, in a blog post. "Although these attacks are very rare, just to stay on the safe side we recommend everyone to get the update from the Adobe site as soon as possible."

The vulnerability allows attackers to escape the sandbox protection of Reader and Acrobat X and XI in order to execute code with elevated privileges on the Windows platform. Adobe addressed the flaw in the newly released 11.0.08 and 10.1.11 versions of the two products.

The company also released new versions of Flash Player for Windows, Mac and Linux, as well as updates for the Adobe AIR framework, its SDK (software development kit) and compiler.

The Flash Player and AIR updates address seven vulnerabilities, one of which can result in remote code execution. Five of the remaining vulnerabilities can be used to bypass memory address randomization, a mechanism designed to make exploitation harder, and one can be used to bypass other security restrictions.

The Flash Player versions bundled with Google Chrome, Internet Explorer 10 for Windows 8 and Internet Explorer 11 for Windows 8.1 will be updated automatically through those browsers. Users of Flash Player and earlier Internet Explorer versions on Windows should upgrade to version 14.0.0.176 and Firefox users should upgrade to version 14.0.0.179. Mac users should upgrade to version 14.0.0.176 and Linux users to version 11.2.202.400.

Adobe AIR users on Windows and Mac should upgrade to version 14.0.0.178 while Android users should upgrade to AIR 14.0.0.179, Adobe said in a security advisory.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags patchesonline safetysecurityAdobe Systemspatch managementExploits / vulnerabilities

Featured

Slideshows

Kiwi channel reunites as After Hours kicks off 2017

Kiwi channel reunites as After Hours kicks off 2017

After Hours made a welcome return to the channel social calendar last night, with a bumper crowd of distributors, vendors and resellers descending on The Jefferson in Auckland to kickstart 2017. Photos by Maria Stefina.

Kiwi channel reunites as After Hours kicks off 2017
Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow Electronics introduced Tenable Network Security to local resellers in Sydney last week, officially launching the distributor's latest security partnership across Australia and New Zealand. Representing the first direct distribution agreement locally for Tenable specifically, the deal sees Arrow deliver security solutions directly to mid-market and enterprise channel partners on both sides of the Tasman.

Arrow exclusively introduces Tenable Network Security to A/NZ channel
Examining the changing job scene in the Kiwi channel

Examining the changing job scene in the Kiwi channel

Typically, the New Year brings new opportunities for personnel within the Kiwi channel. 2017 started no differently, with a host of appointments, departures and reshuffles across vendor, distributor and reseller businesses. As a result, the job scene across New Zealand has changed - here’s a run down of who is working where in the year ahead…

Examining the changing job scene in the Kiwi channel
Show Comments