Adobe Kicks Off the New Year with Bug Fixes for Multiple Products
Posted on
by
Derek Erwin
Adobe has kicked off the New Year with security updates for Adobe Flash Player 11.5.502.136 and earlier versions for Mac, as well as updates for Adobe Reader and Acrobat. Their first updates of the year address vulnerabilities that the company says could cause a crash and potentially allow an attacker to take control of the affected system.
The security update for Adobe Flash Player covers CVE-2013-0630, resolving a buffer overflow vulnerability related to arbitrary code execution. The security updates for Adobe Reader and Acrobat covers 26 CVEs, resolving vulnerabilities that affect all operating system platforms. From Adobe’s security bulletin, the following details describe the vulnerabilities resolved in the Reader and Acrobat updates:
- These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2012-1530, CVE-2013-0601, CVE-2013-0605, CVE-2013-0616, CVE-2013-0619, CVE-2013-0620, CVE-2013-0623).
- These updates resolve a use-after-free vulnerability that could lead to code execution (CVE-2013-0602).
- These updates resolve heap overflow vulnerabilities that could lead to code execution (CVE-2013-0603, CVE-2013-0604).
- These updates resolve stack overflow vulnerabilities that could lead to code execution (CVE-2013-0610, CVE-2013-0626).
- These updates resolve buffer overflow vulnerabilities that could lead to code execution (CVE-2013-0606, CVE-2013-0612, CVE-2013-0615, CVE-2013-0617, CVE-2013-0621).
- These updates resolve integer overflow vulnerabilities that could lead to code execution (CVE-2013-0609, CVE-2013-0613).
- These updates resolve a local privilege escalation vulnerability (CVE-2013-0627).
- These updates resolve logic error vulnerabilities that could lead to code execution (CVE-2013-0607, CVE-2013-0608, CVE-2013-0611, CVE-2013-0614, CVE-2013-0618).
- These updates resolve security bypass vulnerabilities (CVE-2013-0622, CVE-2013-0624).
Users of Adobe Flash Player 11.5.502.136 and earlier versions for Macintosh should download the 16.09 MB update to Adobe Flash Player 11.5.502.146. Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.5.31.137 for Windows, Macintosh, and Linux. Users of Adobe AIR 3.5.0.890 and earlier versions for Mac should download the 25.3 MB update to Adobe AIR 3.5.0.1060.
Adobe Reader users on Macintosh can find the appropriate update here. Adobe Acrobat users on Mac can find the appropriate update here.