Adobe Reader 10.1.1 is now available for download

Adobe Reader has been updated to version 10.1.1. This update resolves several critical vulnerabilities in Adobe Reader X (10.1) and earlier versions for Windows and MAC OS, Adobe Reader 9.4.2 and earlier versions for UNIX, and Adobe Acrobat X (10.1) and earlier versions for Windows and MAC OS. These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system.

Adobe recommends users of Adobe Reader X (10.1) and earlier versions for Windows and MAC OS update to Adobe Reader X (10.1.1), and users of Adobe Acrobat X (10.1) for Windows and Macintosh update to Adobe Acrobat X (10.1.1).

Affected software versions
  • Adobe Reader X (10.1) and earlier 10.x versions for Windows and Macintosh.
  • Adobe Reader 9.4.5 and earlier 9.x versions for Windows, Macintosh and UNIX.
  • Adobe Reader 8.3 and earlier 8.x versions for Windows and Macintosh.
  • Adobe Acrobat X (10.1) and earlier 10.x versions for Windows and Macintosh.
  • Adobe Acrobat 9.4.5 and earlier 9.x versions for Windows and Macintosh.
  • Adobe Acrobat 8.3 and earlier 8.x versions for Windows and Macintosh.

How to update Adobe Reader 10.1.1:
Users on Windows and Macintosh can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates.

Download Adobe Reader 10.1.1:
New users on Windows can download Adobe Reader 10.1.1 from website listed below:

For Adobe Reader users on Macintosh can also find the appropriate update from Adobe Reader for Macintosh

What's new in Adobe Reader 10.1.1:
Adobe Reader 10.1.1 contains fixes the following security issues:
  • Resolve a local privilege-escalation vulnerability (Adobe Reader X (10.x) on Windows only) (CVE-2011-1353).
  • Resolve a security bypass vulnerability that could lead to code execution (CVE-2011-2431).
  • Resolve a buffer overflow vulnerability in the U3D TIFF Resource that could lead to code execution (CVE-2011-2432).
  • Resolve a heap overflow vulnerability that could lead to code execution (CVE-2011-2433).
  • Resolve a heap overflow vulnerability that could lead to code execution (CVE-2011-2434).
  • Resolve an buffer overflow vulnerability that could lead to code execution (CVE-2011-2435).
  • Resolve a heap overflow vulnerability in the Adobe image parsing library that could lead to code execution (CVE-2011-2436).
  • Resolve a heap overflow vulnerability that could lead to code execution (CVE-2011-2437).
  • Resolve three stack overflow vulnerabilities in the Adobe image parsing library that could lead to code execution (CVE-2011-2438).
  • Resolve a memory leakage condition vulnerability that could lead to code execution (CVE-2011-2439).
  • Resolve a use-after-free vulnerability that could lead to code execution (CVE-2011-2440).
  • Resolve two stack overflow vulnerabilities in the CoolType.dll library that could lead to code execution (CVE-2011-2441).
  • Resolve a logic error vulnerability that could lead to code execution (CVE-2011-2442).

Source: Adobe - Security bulletin (apsb11-24)

No comments: