Adobe Fixes Eight Critical Vulnerabilities in Adobe and Acrobat Reader

Adobe has issued a new patch for Adobe and Acrobat Reader to fix eight critical-rated vulnerabilities that could lead to a remote-code-execution attack, according to the Adobe APSB14-20 security bulletin.

The vulnerabilities occur on both Windows and OSX operating systems.

“These updates address vulnerabilities that could potentially allow an attacker to take over the affected system. Adobe recommends users update their product installations to the latest versions,” the advisory said.

The newly issued patch resolves the following vulnerabilities:

CVE-2014-0560 – Use-after-free vulnerability on Windows and OSX that allows arbitrary code execution

CVE-2014-0561 – Heap-based buffer overflow vulnerability on Windows and OSX that allows arbitrary code execution

CVE-2014-0562 – Cross-site scripting (XSS) vulnerability on Windows and OSX that allows arbitrary web script injection

CVE-2014-0563 – Memory corruption vulnerability on Windows and OSX that can cause a denial of service

CVE-2014-0565 – Memory corruption vulnerabilities on Windows and OSX that allow arbitrary code execution

CVE-2014-0566 – Memory corruption vulnerabilities on Windows and OSX that allow arbitrary code execution

CVE-2014-0567 – Heap-based buffer overflow vulnerability on Windows and OSX that allows arbitrary code execution

CVE-2014-0568 – Sandbox protection bypass vulnerability on Windows that allows an attacker to execute native code in a privileged context

The eight critical vulnerabilities have been assigned a level 1 priority rating for fixing.

Windows and OSX Acrobat and Adobe Reader users are advised to update to version 12.1.12 if they have a 10.X version or to version 11.0.09 if the installed version is 11.X.

About the author

Lucian Ciolacu