Adobe Reader and Acrobat Updates Resolve Vulnerabilities
Posted by Derek Erwin
Adobe Systems has released new versions of Adobe Reader and Acrobat for Mac and Windows with updates that resolve multiple vulnerabilities. These updates address a total of eight vulnerabilities including a universal cross-site scripting (UXSS) vulnerability in Reader and Acrobat on Macintosh platforms (CVE-2014-0562) and others that could lead to code execution.
According to Adobe’s security bulletin, affected software versions include:
- Adobe Reader XI (11.0.08) and earlier 11.x versions for Windows
- Adobe Reader XI (11.0.07) and earlier 11.x versions for Macintosh
- Adobe Reader X (10.1.11) and earlier 10.x versions for Windows
- Adobe Reader X (10.1.10) and earlier 10.x versions for Macintosh
- Adobe Acrobat XI (11.0.08) and earlier 11.x versions for Windows
- Adobe Acrobat XI (11.0.07) and earlier 11.x versions for Macintosh
- Adobe Acrobat X (10.1.11) and earlier 10.x versions for Windows
- Adobe Acrobat X (10.1.10) and earlier 10.x versions for Macintosh
If you use Adobe Reader or Acrobat, make sure you have the latest version installed. Users of Adobe Reader XI (11.0.08) and earlier versions should update to version 11.0.09. For users of Adobe Reader X (10.1.11) and earlier versions who cannot update to version 11.0.09, Adobe has made available version 10.1.12. Users of Adobe Acrobat XI (11.0.08) and earlier versions should update to version 11.0.09. For users of Adobe Acrobat X (10.1.11) and earlier versions who cannot update to version 11.0.09, Adobe has made available version 10.1.12.
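For anyone checking more than one machine, the version lists above can be turned into a small triage script. This is an added example, not code from Adobe or from the original post; the function names and the sample inventory are constructed for illustration, and platform names follow the post ("Windows", "Macintosh").

```python
import re

# Highest affected version per (major branch, platform), as listed in the post.
LAST_AFFECTED = {
    (11, "windows"): (11, 0, 8), (11, "macintosh"): (11, 0, 7),
    (10, "windows"): (10, 1, 11), (10, "macintosh"): (10, 1, 10),
}
FIXED = {11: (11, 0, 9), 10: (10, 1, 12)}   # fixed releases named in the post
PRODUCTS = {"adobe reader", "adobe acrobat"}

# Constructed sample inventory: (host, product, platform, installed version).
SAMPLE_INVENTORY = [
    ("ws-01", "Adobe Reader", "Windows", "11.0.08"),
    ("ws-02", "Adobe Acrobat", "Windows", "10.1.9"),
    ("mac-01", "Adobe Reader", "Macintosh", "11.0.09"),
    ("mac-02", "Adobe Acrobat", "Macintosh", "10.1.12"),
]

def parse_version(text):
    """'11.0.08' -> (11, 0, 8), so 10.1.9 sorts below 10.1.10."""
    text = text.strip()
    if not re.fullmatch(r"\d+\.\d+\.\d+", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in text.split("."))

def triage(product, platform, version):
    """Return (status, preferred_update, fallback_update) for one install."""
    parsed = parse_version(version)
    key = (parsed[0], platform.lower())
    if product.lower() not in PRODUCTS or key not in LAST_AFFECTED:
        return ("not-covered", None, None)   # outside the lists in the post
    if parsed <= LAST_AFFECTED[key]:
        # 11.0.09 is the update for everyone; 10.1.12 is offered only to
        # 10.x installs that cannot move to 11.0.09.
        return ("affected", "11.0.09", "10.1.12" if parsed[0] == 10 else None)
    if parsed >= FIXED[parsed[0]]:
        return ("updated", None, None)
    return ("unlisted", None, None)          # between affected and fixed

def affected_hosts(inventory):
    """Map host -> triage result for every install that needs an update."""
    results = {host: triage(prod, plat, ver) for host, prod, plat, ver in inventory}
    return {host: r for host, r in results.items() if r[0] == "affected"}

if __name__ == "__main__":
    for host, result in affected_hosts(SAMPLE_INVENTORY).items():
        print(host, *result)
```

Versions are compared as integer tuples because a plain string comparison would rank 10.1.9 above 10.1.10 and miss an affected install.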
The vulnerabilities patched in these updates are described as follows:
- These updates resolve a use-after-free vulnerability that could lead to code execution (CVE-2014-0560).
- These updates resolve a universal cross-site scripting (UXSS) vulnerability in Reader and Acrobat on the Macintosh platform (CVE-2014-0562).
- These updates resolve a potential denial-of-service (DoS) vulnerability related to memory corruption (CVE-2014-0563).
- These updates resolve a heap overflow vulnerability that could lead to code execution (CVE-2014-0561, CVE-2014-0567).
- These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2014-0565, CVE-2014-0566).
- These updates resolve a sandbox bypass vulnerability that could be exploited to run native code with escalated privileges on Windows (CVE-2014-0568).
Adobe Reader and Acrobat users on Mac and Windows can get the updates through the product's update mechanism. (Update checks can be manually activated by choosing Help > Check for Updates.)
Adobe Reader users on Macintosh can find the appropriate update here. Adobe Reader users on Windows can find the appropriate update here.
Acrobat Pro users on Macintosh can find the appropriate update here. Acrobat Standard and Pro users on Windows can find the appropriate update here.