magmatic.com - Squawk Box - Adobe Releases Critical Security Update

MAAS History

Adobe Releases Critical Security Update

Tuesday, April 13, 2010 at 07:33PM

Adobe has released a new Adobe Reader Updater.app to handle updates of Reader and Acrobat. The updater still needs to be configured to check, download and install updates when they become available. It is Adobe's determination that users want these kinds of controls but I do not agree with their decision not make automatic updates a default instead opting for users choice.

In addition to the new updater which uses SSL properly we hope (we have not tested this yet) Reader and Acrobat have been updated to address various CVE's including the following:

This update resolves a cross-site scripting vulnerability that could lead to code execution (CVE-2010-0190).
This update resolves a prefix protocol handler vulnerability that could lead to code execution (CVE-2010-0191).
This update resolves a denial of service vulnerability; arbitrary code execution has not been demonstrated, but may be possible (CVE-2010-0192).
This update resolves a denial of service vulnerability; arbitrary code execution has not been demonstrated, but may be possible (CVE-2010-0193).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-0194).
This update resolves a font handling vulnerability that could lead to code execution (CVE-2010-0195).
This update resolves a denial of service vulnerability; arbitrary code execution has not been demonstrated, but may be possible (CVE-2010-0196).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-0197).
This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2010-0198).
This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2010-0199).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-0201).
This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2010-0202).
This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2010-0203).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-0204).
This update resolves a heap-based overflow vulnerability that could lead to code execution (CVE-2010-1241).

drStrangeP0rk |

References (2)

References allow you to track sources for this article, as well as articles that were written in response to this article.

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

magmatic.com by magmatic consulting is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.
Based on a work at http://magmatic.com.
Permissions beyond the scope of this license may be available at http://magmatic.com.