Adobe today has released a new version of their pdf readers Adobe Reader and Acrobat raising the versions of said products to 9.3.3 respectively 9.3.3. Affected by the vulnerabilities are Adobe Reader 9.3.2 and earlier for Windows, Macintosh and Unix as well as Adobe Acrobat 9.3.2 and earlier for Windows and Macintosh.
The security bulletin sheds some light on the security issues that have been fixed in the release. A total of 17 different vulnerabilities have been fixed in Adobe Reader 9.3.3. Adobe has categorized the update as critical and recommends that users apply the latest updates immediately to protect their computer systems.
Exploits of any security vulnerability that has been patched in the update can lead to code execution on the affected system.
Adobe confirmed that at least one of the security vulnerabilities is actively exploited in the wild.
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-1297).
Note: There are reports that this issue is being actively exploited in the wild.This update mitigates a social engineering attack that could lead to code execution (CVE-2010-1240).
This update resolves an invalid pointer vulnerability that could lead to code execution (CVE-2010-1285).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-1295).
This update resolves an invalid pointer vulnerability that could lead to code execution (CVE-2010-2168).
This update resolves an invalid pointer vulnerability that could lead to code execution (CVE-2010-2201).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2202).
This update resolves a UNIX-only memory corruption vulnerability that could lead to code execution (CVE-2010-2203).
This update resolves a denial of service vulnerability; arbitrary code execution has not been demonstrated, but may be possible (CVE-2010-2204).
This update resolves an uninitialized memory vulnerability that could lead to code execution (CVE-2010-2205).
This update resolves an array-indexing error vulnerability that could lead to code execution (CVE-2010-2206).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2207).
This update resolves a dereference deleted heap object vulnerability that could lead to code execution (CVE-2010-2208).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2209).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2210).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2211).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2212).
Adobe Reader 9.3.3 and Acrobat 9.3.3 are available for download at the Adobe website. Also available are Adobe Reader 8.2.3 and Adobe Acrobat 8.2.3 which both fix the security issues as well.
Enjoyed the article?: Then sign-up for our free newsletter or RSS feed to kick off your day with the latest technology news and tips, or share the article with your friends and contacts on Facebook or Twitter.Related Articles:
Critical Adobe Reader And Flash Vulnerabilities EmergeAdobe Reader and Acrobat Critical Security Update
Adobe Fixes Critical Shockwave Vulnerability
Critical Adobe Reader Update
WordPress 3.0.4 Released, Fixes Critical Security Vulnerability
Does anybody know the difference between Adobe Reader and Adobe Reader MUI ?
One has English language interface and another has multiple language interfaces.
Thanks “bf”.
GG no update on http://get.adobe.com/reader/ 30 mins ago.
Update or not, for one I never open pdf documents in the browser, for two I disable javascript for Adobe Reader. Not paranoid, cautious :)
I am giving version 9 of Adobe Reader poor ratings because Adobe now have a horrendous security record, taking as long as 7 months in one case to patch a security hole.