Adobe has released updates for Adobe Reader XI (11.0.11) for Windows and Mac, and Adobe Reader X (10.1.14) for Windows and Mac. These updates address multiple critical-risk vulnerabilities that could cause a crash and potentially allow an attacker to take over the affected system.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Reader XI (11.0.10) for Windows and Mac should update to Adobe Reader XI (11.0.11).
- Users of Adobe Reader X (10.1.13) for Windows and Mac should update to Adobe Reader X (10.1.14).
Overview
Adobe Reader is the free global standard for reliably viewing, printing, and commenting on Portable Document Format (PDF) documents with its original appearance preserved. Adobe Reader allows you open and interact with all types of PDF content, including forms and multimedia.
More information about Adobe Reader XI (11.0) available here.
Download Adobe Reader XI (11.0.11):
The links in this section correspond to files available for this download. Download the files appropriate for you.
For Adobe Reader users on Windows can find the appropriate update from Adobe Reader for Windows
For Adobe Reader users on Mac can find the appropriate update from Adobe Reader for Mac
What's new in Adobe Reader XI (11.0.11)?
This update contains the following updates and fixes:
Security fixed:
This build contains the following security fixes:
- Fixed use-after-free vulnerabilities that could lead to code execution (CVE-2015-3053, CVE-2015-3054, CVE-2015-3055, CVE-2015-3059, CVE-2015-3075).
- Fixed heap-based buffer overflow vulnerabilities that could lead to code execution (CVE-2014-9160).
- Fixed a buffer overflow vulnerability that could lead to code execution (CVE-2015-3048).
- Fixed memory corruption vulnerabilities that could lead to code execution (CVE-2014-9161, CVE-2015-3046, CVE-2015-3049, CVE-2015-3050, CVE-2015-3051, CVE-2015-3052, CVE-2015-3056, CVE-2015-3057, CVE-2015-3070, CVE-2015-3076).
- Fixed a memory leak (CVE-2015-3058).
- Fixed various methods to bypass restrictions on Javascript API execution (CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, CVE-2015-3074).
- Fixeds a null-pointer dereference issue that could lead to a denial-of-service condition (CVE-2015-3047).
- These updates provide additional hardening to protect against CVE-2014-8452, a vulnerability in the handling of XML external entities that could lead to information disclosure.
References:
Release Notes - Acrobat, Reader
Security Bulletin APSB15-10
No comments:
Post a Comment