MAAS History

Entries in Adobe Update (2)

Tuesday, Apr 13, 2010

Adobe Releases Critical Security Update

Adobe has released a new Adobe Reader Updater.app to handle updates of Reader and Acrobat. The updater still needs to be configured to check, download and install updates when they become available. It is Adobe's determination that users want these kinds of controls, but I do not agree with their decision not to make automatic updates a default, instead opting for user choice.

In addition to the new updater, which uses SSL properly, we hope (we have not tested this yet), Reader and Acrobat have been updated to address various CVEs, including the following:

  • This update resolves a cross-site scripting vulnerability that could lead to code execution (CVE-2010-0190).
  • This update resolves a prefix protocol handler vulnerability that could lead to code execution (CVE-2010-0191).
  • This update resolves a denial of service vulnerability; arbitrary code execution has not been demonstrated, but may be possible (CVE-2010-0192).
  • This update resolves a denial of service vulnerability; arbitrary code execution has not been demonstrated, but may be possible (CVE-2010-0193).
  • This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-0194).
  • This update resolves a font handling vulnerability that could lead to code execution (CVE-2010-0195).
  • This update resolves a denial of service vulnerability; arbitrary code execution has not been demonstrated, but may be possible (CVE-2010-0196).
  • This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-0197).
  • This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2010-0198).
  • This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2010-0199).
  • This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-0201).
  • This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2010-0202).
  • This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2010-0203).
  • This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-0204).
  • This update resolves a heap-based overflow vulnerability that could lead to code execution (CVE-2010-1241).

 

Tuesday, Jun 09, 2009

APSB09-07 - Security Updates available for Adobe Reader and Acrobat

Run the Adobe Updater for Acrobat 9.1.1 and Reader 9.1.1

<<From the Security Bulletin>>

Critical vulnerabilities have been identified in Adobe Reader
9.1.1 and Acrobat 9.1.1 and earlier versions. These
vulnerabilities would cause the application to crash and could
potentially allow an attacker to take control of the affected
system.

Adobe recommends users of Adobe Reader 9 and Acrobat 9 and
earlier versions update to Adobe Reader 9.1.2 and Acrobat 9.1.2.
Adobe recommends users of Acrobat 8 update to Acrobat 8.1.6, and
users of Acrobat 7 update to Acrobat 7.1.3. For Adobe Reader
users who can't update to Adobe Reader 9.1.2, Adobe has provided
the Adobe Reader 8.1.6 and Adobe Reader 7.1.3 updates. Updates
apply to Windows and Macintosh. Security updates for Adobe
Reader on the UNIX platform will be available on June 16, 2009;
the Bulletin will be updated to reflect their availability on
that date.

This update incorporates the initial output of code hardening
efforts discussed in a May 20 Adobe ASSET (Adobe Secure Software
Engineering Team) blog post, as well as externally reported
issues.