Adobe has issued a new patch for Adobe Reader and Acrobat that fixes eight critical-rated vulnerabilities that could lead to a remote-code-execution attack, according to the Adobe APSB14-20 security bulletin.
The vulnerabilities affect both the Windows and OSX operating systems.
“These updates address vulnerabilities that could potentially allow an attacker to take over the affected system. Adobe recommends users update their product installations to the latest versions,” the advisory said.
The newly issued patch resolves the following vulnerabilities:
CVE-2014-0560 – Use-after-free vulnerability on Windows and OSX that allows arbitrary code execution
CVE-2014-0561 – Heap-based buffer overflow vulnerability on Windows and OSX that allows arbitrary code execution
CVE-2014-0562 – Cross-site scripting (XSS) vulnerability on Windows and OSX that allows arbitrary web script injection
CVE-2014-0563 – Memory corruption vulnerability on Windows and OSX that can cause a denial of service
CVE-2014-0565 – Memory corruption vulnerabilities on Windows and OSX that allow arbitrary code execution
CVE-2014-0566 – Memory corruption vulnerabilities on Windows and OSX that allow arbitrary code execution
CVE-2014-0567 – Heap-based buffer overflow vulnerability on Windows and OSX that allows arbitrary code execution
CVE-2014-0568 – Sandbox protection bypass vulnerability on Windows that allows an attacker to execute native code in privileged context
The eight critical vulnerabilities have been assigned a level 1 priority rating for fixing.
Acrobat and Adobe Reader users on Windows and OSX are advised to update to version 12.1.12 if they have a 10.X version installed, or to version 11.0.09 if the installed version is 11.X.