Menu
Users should patch critical flaw in Adobe Reader and Acrobat, researchers say

Users should patch critical flaw in Adobe Reader and Acrobat, researchers say

Adobe also releases critical updates for Flash Player and AIR

Adobe Systems has released security patches for its Flash Player, Reader and Acrobat products, addressing a total of eight vulnerabilities, including one that is being exploited by attackers.

The actively exploited flaw affects Adobe Reader and was found by researchers from antivirus vendor Kaspersky Lab. The flaw was being used in isolated attacks, they said.

"At the moment, we are not providing any details on these attacks as the investigation is still ongoing," said Costin Raiu, director of Kaspersky's global research and analysis team, in a blog post. "Although these attacks are very rare, just to stay on the safe side we recommend everyone to get the update from the Adobe site as soon as possible."

The vulnerability allows attackers to escape the sandbox protection of Reader and Acrobat X and XI in order to execute code with elevated privileges on the Windows platform. Adobe addressed the flaw in the newly released 11.0.08 and 10.1.11 versions of the two products.

The company also released new versions of Flash Player for Windows, Mac and Linux, as well as updates for the Adobe AIR framework, its SDK (software development kit) and compiler.

The Flash Player and AIR updates address seven vulnerabilities, one of which can result in remote code execution. Five of the remaining vulnerabilities can be used to bypass memory address randomization, a mechanism designed to make exploitation harder, and one can be used to bypass other security restrictions.

The Flash Player versions bundled with Google Chrome, Internet Explorer 10 for Windows 8 and Internet Explorer 11 for Windows 8.1 will be updated automatically through those browsers. Users of Flash Player and earlier Internet Explorer versions on Windows should upgrade to version 14.0.0.176 and Firefox users should upgrade to version 14.0.0.179. Mac users should upgrade to version 14.0.0.176 and Linux users to version 11.2.202.400.

Adobe AIR users on Windows and Mac should upgrade to version 14.0.0.178 while Android users should upgrade to AIR 14.0.0.179, Adobe said in a security advisory.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags patchesonline safetysecurityAdobe Systemspatch managementExploits / vulnerabilities

Slideshows

Meet the leading HP partners in New Zealand...

Meet the leading HP partners in New Zealand...

HP has recognised its top performing partners in New Zealand at the second annual 2016 HP Partner Awards, held at a glittering bash in Auckland. The HP Partner Awards recognises and celebrates excellence, growth, consistency and engagement of its top partners. This year also saw the addition of several new categories, resulting in 11 companies winning across 11 award categories.

Meet the leading HP partners in New Zealand...
Channel comes together as Ingram Micro Showcase hits Auckland

Channel comes together as Ingram Micro Showcase hits Auckland

Ingram Micro outlined its core focuses for 2017 at Showcase in Auckland, bringing together the channel for a day of engaging keynotes, compelling breakout sessions and new technologies.

Channel comes together as Ingram Micro Showcase hits Auckland
Show Comments