Menu
Users should patch critical flaw in Adobe Reader and Acrobat, researchers say

Users should patch critical flaw in Adobe Reader and Acrobat, researchers say

Adobe also releases critical updates for Flash Player and AIR

Adobe Systems has released security patches for its Flash Player, Reader and Acrobat products, addressing a total of eight vulnerabilities, including one that is being exploited by attackers.

The actively exploited flaw affects Adobe Reader and was found by researchers from antivirus vendor Kaspersky Lab. The flaw was being used in isolated attacks, they said.

"At the moment, we are not providing any details on these attacks as the investigation is still ongoing," said Costin Raiu, director of Kaspersky's global research and analysis team, in a blog post. "Although these attacks are very rare, just to stay on the safe side we recommend everyone to get the update from the Adobe site as soon as possible."

The vulnerability allows attackers to escape the sandbox protection of Reader and Acrobat X and XI in order to execute code with elevated privileges on the Windows platform. Adobe addressed the flaw in the newly released 11.0.08 and 10.1.11 versions of the two products.

The company also released new versions of Flash Player for Windows, Mac and Linux, as well as updates for the Adobe AIR framework, its SDK (software development kit) and compiler.

The Flash Player and AIR updates address seven vulnerabilities, one of which can result in remote code execution. Five of the remaining vulnerabilities can be used to bypass memory address randomization, a mechanism designed to make exploitation harder, and one can be used to bypass other security restrictions.

The Flash Player versions bundled with Google Chrome, Internet Explorer 10 for Windows 8 and Internet Explorer 11 for Windows 8.1 will be updated automatically through those browsers. Users of Flash Player and earlier Internet Explorer versions on Windows should upgrade to version 14.0.0.176 and Firefox users should upgrade to version 14.0.0.179. Mac users should upgrade to version 14.0.0.176 and Linux users to version 11.2.202.400.

Adobe AIR users on Windows and Mac should upgrade to version 14.0.0.178 while Android users should upgrade to AIR 14.0.0.179, Adobe said in a security advisory.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags patchesonline safetysecurityAdobe Systemspatch managementExploits / vulnerabilities

Slideshows

Top 50 defining moments of the New Zealand channel in 2016

Top 50 defining moments of the New Zealand channel in 2016

Reseller News looks back on a tumultuous 12 months for the New Zealand channel, assessing the fallout from a year of sizeable industry change. Whether it be local or global mergers and acquisitions, distribution deals or job changes, the channel that started the year differs somewhat to the one set to finish it - Reseller News assesses the key moments that made 2016.​

Top 50 defining moments of the New Zealand channel in 2016
​Hewlett Packard Enterprise honours high achieving NZ channel

​Hewlett Packard Enterprise honours high achieving NZ channel

Hewlett Packard Enterprise honoured its top performing Kiwi partners at the second running of its HPE Partner Awards in New Zealand, held at a glitzy ceremony in Auckland. Recognising excellence across eight categories - from distributors to resellers - the tech giant celebrated its first year as a standalone company, following its official split from HP in 2015.

​Hewlett Packard Enterprise honours high achieving NZ channel
Nutanix treats channel partners to Christmas cruise

Nutanix treats channel partners to Christmas cruise

Nutanix recently took to the seas for a Christmas Cruise around Sydney Harbour with its Australia and New Zealand staff, customers and partners to celebrate a stellar year for the vendor. With the sun out, they were all smiles and mingled over drinks and food.

Nutanix treats channel partners to Christmas cruise
Show Comments