After a week delay, Adobe has finally pushed out critical security updates for its frequently-attacked Reader and Acrobat PDF software packages to patch serious vulnerabilities that could lead to computers being compromised.
The new versions of Adobe Reader and Acrobat released Tuesday for both Windows and Macintosh computers address eight vulnerabilities, five of which could allow for remote code execution.
The remaining three vulnerabilities involve a sandbox bypass vulnerability that can be exploited to escalate an attacker’s privileges on Windows, a denial-of-service (DoS) vulnerability related to memory corruption, and a cross-site scripting (XSS) flaw that only affects the programs on the Mac platform. According to Adobe’s advisory, applying the patches will involve a system restart.
These security updates were originally planned for Tuesday, Sept. 9, to coincide with Microsoft’s monthly patch release, but Adobe postponed them due to issues identified during testing.Users are advised to update their installations as soon as possible, as Adobe Reader is widely used and has been targeted by attackers in the past.
The affected versions are:
- Adobe Reader XI (11.0.08) and earlier 11.x versions for Windows
- Adobe Reader XI (11.0.07) and earlier 11.x versions for Macintosh
- Adobe Reader X (10.1.11) and earlier 10.x versions for Windows
- Adobe Reader X (10.1.10) and earlier 10.x versions for Macintosh
- Adobe Acrobat XI (11.0.08) and earlier 11.x versions for Windows
- Adobe Acrobat XI (11.0.07) and earlier 11.x versions for Macintosh
- Adobe Acrobat X (10.1.11) and earlier 10.x versions for Windows
- Adobe Acrobat X (10.1.10) and earlier 10.x versions for Macintosh
The new versions can be downloaded by using the following links:
- Reader on Windows
- Reader on Mac
- Acrobat Standard and Pro on Windows
- Acrobat Standard and Pro on Mac