The Mac Security Blog
Adobe has released updates to its Reader and Acrobat PDF viewing and editing software to address two critical vulnerabilities that Adobe updated in Windows versions 9.x of these programs in December, as well as four other issues. These vulnerabilities “could cause the application to crash and potentially allow an attacker to take control of the affected system.”
More information about the update, along with download links, is available here.
Adobe has issued a security advisory regarding a zero-day vulnerability that is being exploited in the wild against Windows computers. This critical flaw affects Adobe Reader and Acrobat for Mac, as well as Windows and Unix, but attacks are only being seen against Windows computers for now. As Adobe says in their security advisory:
This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that the vulnerability is being actively exploited in limited, targeted attacks in the wild against Adobe Reader 9.x on Windows.
So, Mac users don’t need to worry yet. However, given that “Adobe categorizes this as a critical issue,” there will be a fix for the Mac versions of these programs “as part of the next quarterly update scheduled for January 10, 2012.”
These kinds of zero-day attacks are increasingly common against Adobe Reader and Acrobat, as PDFs are ubiquitous. As of yet, we have not seen any of these attacks target Macs, but it is certainly possible that Macs will be attacked in the future.
Remember, you can use Preview to view and annotate PDFs on Mac OS X. Unless you need special features that are present in Adobe’s software, this is the safest thing to do.
Adobe has updated its Acrobat and Reader software to address a number of critical security issues. “These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system.”
Software affected by this round of updates is the following:
- Adobe Reader X (10.1) and earlier 10.x versions
- Adobe Reader 9.4.5 and earlier 9.x versions
- Adobe Reader 8.3 and earlier 8.x versions
- Adobe Acrobat X (10.1) and earlier 10.x versions
- Adobe Acrobat 9.4.5 and earlier 9.x versions
- Adobe Acrobat 8.3 and earlier 8.x versions
Users can update their Adobe software using the company’s auto-updater, or download new versions from the following web pages: Adobe Reader, Adobe Acrobat Pro.
Full details about these updates are available here.
Adobe has released a number of security updates for its software, fixing dozens of flaws and vulnerabilities, in their latest quarterly update release.
First out are updates to Adobe Reader and Acrobat. Fixing a baker’s dozen vulnerabilities, these are essential updates, as users may open PDFs found on the web. Mac users can download the latest version of Adobe Reader here, and can get Acrobat here. The vulnerabilities for these programs are considered critical.
Next comes Shockwave Player, whose security update patches two dozen vulnerabilities that Adobe considers to be critical. Mac users can get the latest version of Shockwave Player here.
Finally, the Flash Player update patches just one vulnerability, considered to be critical, and Mac users can get a new version of Flash Player here. Don’t count on that auto-updater doing anything, not every alerting you; we haven’t seen any alerts since it was added a couple of updates ago.
Adobe has issued a security advisory and updates for critical zero-day Acrobat and Reader vulnerabilities, which “could cause a crash and potentially allow an attacker to take control of the affected system.” Adobe states that one of these vulnerabilities is already being exploited in the wild.
Acrobat and Reader users can run Adobe Updater, or can download updates for Adobe Reader and Adobe Acrobat.
Adobe has issued a security bulletin outlining updates to its Reader and Acrobat software for a zero-day Flash flaw that has been exploited in the wild. The company has also issued a security bulletin for a Flash Player update for the same flaw.
With all of this, users should update all three of the programs, notably Flash Player, which is especially vulnerable to booby-trapped websites. Adobe also points out that Adobe Air is vulnerable, and recommends that users update that software, if they use it. Adobe Air is used for some standalone applications.
Google Chrome already was updated for this Flash Player issue, but if you use other browsers, you will need to update to the new version of Flash Player.
Mac users can get the updates at the following links:
For more information, see the appropriate security bulletins linked to above.