Adobe Releases Security Updates for Adobe Reader and Acrobat [Download Adobe Reader 9.4 and Adobe Acrobat 9.4]

Written By Sam on 6 October 2010
Advertisements

Adobe has released an update for its PDF reader Adobe Reader and Adobe Acrobat, raising versions of the two programs to 9.4. Abode said that critical security vulnerabilities were identified in Adobe Reader 9.3.4 and earlier versions, as well as Acrobat 9.3.4 and earlier; and has recommended users of  Adobe Reader 9.3.4 (and earlier versions) and Adobe Acrobat 9.3.4 (and earlier versions) for Windows, Macintosh and UNIX update to Adobe Reader 9.4.

These updates were earlier scheduled to be released on October 12. With this accelerated schedule, Adobe informed that it will not release additional updates for Adobe Reader and Acrobat on that day; and also added the next quarterly security updates for the two programs are scheduled for February 8, 2011.

Adobe Reader

Users on Windows and Macintosh can utilize the product’s update mechanism. The default configuration is set to run automatic update checks on a regular schedule and can be manually activated by choosing Help -> Check for Updates.

(Adobe Reader 9.4 for UNIX will be available from the Adobe Reader Download Center at http://get.adobe.com/reader/ by October 21, 2010.)

Abode Acrobat

Users can utilize the product’s update mechanism. The default configuration is set to run automatic update checks on a regular schedule and can be manually activated by choosing Help > Check for Updates.

Adobe has called on users to upgrade their version at the earliest to protect their computer systems against possible exploits. Users may also take a closer look at Adobe’s Security Bulletin at http://www.adobe.com/support/security/bulletins/apsb10-21.html

  • This update resolves a font-parsing input validation vulnerability that could lead to code execution (CVE-2010-2883). Note: There are reports that this issue is being actively exploited in the wild.
  • This update resolves a memory corruption vulnerability in the authplay.dll component that could lead to code execution (CVE-2010-2884).
  • This update resolves multiple potential Linux-only privilege escalation issues (CVE-2010-2887).
  • This update resolves multiple input validation errors that could lead to code execution (Windows, ActiveX only) (CVE-2010-2888).
  • This update resolves a font-parsing input validation vulnerability that could lead to code execution (CVE-2010-2889).
  • This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2890).
  • This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-3619).
  • This update resolves an image-parsing input validation vulnerability that could lead to code execution (CVE-2010-3620).
  • This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-3621).
  • This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-3622).
  • This update resolves a memory corruption vulnerability that could lead to code execution (Macintosh platform only) (CVE-2010-3623).
  • This update resolves an image-parsing input validation vulnerability that could lead to code execution (Macintosh platform only) (CVE-2010-3624).
  • This update resolves a prefix protocol handler vulnerability that could lead to code execution (CVE-2010-3625).
  • This update resolves a font-parsing input validation vulnerability that could lead to code execution (CVE-2010-3626).
  • This update resolves an input validation vulnerability that could lead to code execution(CVE-2010-3627).
  • This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-3628).
  • This update resolves an image-parsing input validation vulnerability that could lead to code execution (CVE-2010-3629).
  • This update resolves a denial of service vulnerability; arbitrary code execution has not been demonstrated, but may be possible (CVE-2010-3630).
  • This update resolves an array-indexing vulnerability that could lead to code execution (Macintosh platform only) (CVE-2010-3631).
  • This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-3632).
  • This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-3658)
  • This update resolves a denial of service issue (CVE-2010-3656).
  • This update resolves a denial of service issue (CVE-2010-3657).

Leave your response!