Adobe Releases Critical Security Update
Tuesday, April 13, 2010 at 07:33PM
drStrangeP0rk in Acrobat, Adobe, Adobe Update, Reader
Adobe has released a new Adobe Reader Updater.app to handle updates of Reader and Acrobat. The updater still needs to be configured to check for, download and install updates when they become available. It is Adobe's determination that users want these kinds of controls, but I do not agree with their decision not to make automatic updates a default, instead opting for users' choice.
In addition to the new updater, which uses SSL properly, we hope (we have not tested this yet), Reader and Acrobat have been updated to address various CVEs, including the following:
- This update resolves a cross-site scripting vulnerability that could lead to code execution (CVE-2010-0190).
- This update resolves a prefix protocol handler vulnerability that could lead to code execution (CVE-2010-0191).
- This update resolves a denial of service vulnerability; arbitrary code execution has not been demonstrated, but may be possible (CVE-2010-0192).
- This update resolves a denial of service vulnerability; arbitrary code execution has not been demonstrated, but may be possible (CVE-2010-0193).
- This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-0194).
- This update resolves a font handling vulnerability that could lead to code execution (CVE-2010-0195).
- This update resolves a denial of service vulnerability; arbitrary code execution has not been demonstrated, but may be possible (CVE-2010-0196).
- This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-0197).
- This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2010-0198).
- This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2010-0199).
- This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-0201).
- This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2010-0202).
- This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2010-0203).
- This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-0204).
- This update resolves a heap-based overflow vulnerability that could lead to code execution (CVE-2010-1241).
Article originally appeared on magmatic.com (http://www.magmatic.com/).
See website for complete article licensing information.