Adobe Fixes 'Critical' Reader, Flash Flaws

Microsoft earlier this week released a Patch Tuesday security update that addressed two 'critical' security flaws, one of which was found in its Internet Explorer browser.

Now, Adobe has released its own security update package. The goal: to fix vulnerabilities in its Reader, Acrobat, and Flash Player products.

Remote Code Execution a Concern

Adobe's security update for its Reader and Acrobat software involves almost thirty different vulnerabilities. Most of those flaws are related to potential arbitrary code execution vulnerabilities that, if exploited successfully, could allow a hacker to take control of a system.

Adobe says another flaw could potentially allow a hacker to bypass Adobe Reader's sandbox protection, a feature intended to block an attacker from successfully executing malicious code on the underlying system. (Source: pcworld.com)

In order to prevent these vulnerabilities from being exploited, Adobe is insisting users of its products download newly released updates, including: Adobe Reader XI (11.0.03), Adobe Reader X (10.1.7) and Adobe Reader 9.5.5 for Windows and Mac; Adobe Reader 9.5.5 for Linux; Adobe Acrobat XI (11.0.03), Adobe Acrobat X (10.1.7) and Adobe Acrobat 9.5.5 for both Windows and Mac.

Flash Player users are also encouraged to download an update that addresses thirteen different flaws. These vulnerabilities could lead to system crashes and remote code execution.

Windows and Mac users are encouraged to update to Flash Player 11.7.700.202. Adobe says the versions of Flash Player accompanying Chrome for Windows and Internet Explorer 10 will be updated automatically when Google and Microsoft release updates for those browsers.

Hackers Yet to Exploit Flaws

Here's the good news: Adobe says it has not learned of any scenarios where any of these vulnerabilities have been exploited by hackers.

It's believed some of the flaws, particularly those associated with Adobe's Reader software, were found during last month's Pwn2Own hacking contest.

Security expert Wolfgang Kandek says that even if hackers haven't yet exploited the flaws it's important Adobe users download and install the security updates.

"Patch as soon as possible because Adobe Reader is frequently attacked with file-based exploits," Kandek said. (Source: net-security.org)