Adobe Reader XI (11.0.10) Now Available for Download

Adobe has released updates for Adobe Reader XI (11.0.10) for Windows and Mac, and Adobe Reader X (10.1.12) for Windows and Mac. These updates address multiple critical-risk vulnerabilities that could cause a crash and potentially allow an attacker to take over the affected system.


Adobe recommends users update their product installations to the latest versions:
  • Users of Adobe Reader XI (11.0.09) for Windows and Mac should update to Adobe Reader XI (11.0.10).
  • Users of Adobe Reader X (10.1.12) for Windows and Mac should update to Adobe Reader X (10.1.13).

Overview
Adobe Reader is the free global standard for reliably viewing, printing, and commenting on Portable Document Format (PDF) documents with its original appearance preserved. Adobe Reader allows you open and interact with all types of PDF content, including forms and multimedia.

More information about Adobe Reader XI (11.0) available here.

Download Adobe Reader XI (11.0.10):
The links in this section correspond to files available for this download. Download the files appropriate for you.


For Adobe Reader users on Windows can find the appropriate update from Adobe Reader for Windows

For Adobe Reader users on Mac can find the appropriate update from Adobe Reader for Mac

What's new in Adobe Reader XI (11.0.10)?
This update contains the following updates and fixes:

Security fixed:
This build contains the following security fixes:
  • Fixed use-after-free vulnerabilities that could lead to code execution (CVE-2014-8454, CVE-2014-8455, CVE-2014-9165).
  • Fixed heap-based buffer overflow vulnerabilities that could lead to code execution (CVE-2014-8457, CVE-2014-8460, CVE-2014-9159).
  • Fixed an integer overflow vulnerability that could lead to code execution (CVE-2014-8449).
  • Fixed memory corruption vulnerabilities that could lead to code execution (CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, CVE-2014-8461, CVE-2014-9158).
  • Fixed a time-of-check time-of-use (TOCTOU) race condition that could be exploited to allow arbitrary write access to the file system (CVE-2014-9150).
  • Fixed an improper implementation of a Javascript API that could lead to information disclosure (CVE-2014-8448, CVE-2014-8451).
  • Fixed a vulnerability in the handling of XML external entities that could lead to information disclosure (CVE-2014-8452).
  • Fixed vulnerabilities that could be exploited to circumvent the same-origin policy (CVE-2014-8453).

References:
Release Notes - Acrobat, Reader
Security Bulletin APSB14-28
at
Labels: , , , ,

No comments:

Post a Comment