Adobe Updates Reader and Acrobat to Cover Critical Vulnerabilities
In two separate security updates, Adobe released new versions of its Reader and Acrobat to address vulnerabilities in the software. Both software updates address critical vulnerabilities and Adobe recommends users update their product installations to the latest versions.
The security issues addressed in Adobe Reader 9.5.3 and earlier versions affect all operating systems, and the issues addressed in Adobe Reader and Acrobat X and XV are for both Windows and Mac. These updates resolve flaws that could cause remote code execution, covering both CVE-2013-0640 and CVE-2013-0641:
- These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2013-0640).
- These updates resolve a buffer overflow vulnerability that could lead to code execution (CVE-2013-0641).
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Reader XI (11.0.01 and earlier) for Windows and Macintosh should update to Adobe Reader XI (11.0.02).
- For users of Adobe Reader X (10.1.5 and earlier) for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.02), Adobe has made available the update Adobe Reader X (10.1.6).
- For users of Adobe Reader 9.5.3 and earlier 9.x versions for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.02), Adobe has made available the update Adobe Reader 9.5.4.
- Users of Adobe Reader 9.5.3 and earlier 9.x versions for Linux should update to Adobe Reader 9.5.4.
- Users of Adobe Acrobat XI (11.0.01 and earlier) for Windows and Macintosh should update to Adobe Acrobat XI (11.0.02).
- Users of Adobe Acrobat X (10.1.5 and earlier) for Windows and Macintosh should update to Adobe Acrobat X (10.1.6).
- Users of Adobe Acrobat 9.5.3 and earlier 9.x versions for Windows and Macintosh should update to Adobe Acrobat 9.5.4.