by Dancho Danchev
As part of its quarterly patch update, Adobe today issued a critical security update plugging multiple security holes in its Acrobat Reader and Adobe Acrobat software applications.
More details:
The security bulletin patches the following vulnerabilities, all of which allow remote code execution attacks: CVE-2011-2462, CVE-2011-4369, CVE-2011-4370, CVE-2011-4371, CVE-2011-4372, CVE-2011-4373.
These updates address critical vulnerabilities in Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh, and Adobe Acrobat X (10.1.1) and earlier versions for Windows and Macintosh. These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system. These updates include fixes for CVE-2011-2462 and CVE-2011-4369, previously addressed in Adobe Reader and Acrobat 9.x for Windows as referenced in Security Bulletin APSB11-30.
Affected software versions:
- Adobe Reader X (10.1.1) and earlier 10.x versions for Windows and Macintosh
- Adobe Reader 9.4.7 and earlier 9.x versions for Windows
- Adobe Reader 9.4.6 and earlier 9.x versions for Macintosh
- Adobe Acrobat X (10.1.1) and earlier 10.x versions for Windows and Macintosh
- Adobe Acrobat 9.4.7 and earlier 9.x versions for Windows
- Adobe Acrobat 9.4.6 and earlier 9.x versions for Macintosh
Adobe vulnerabilities are just the tip of the iceberg when it comes to the malicious exploitation of client-side vulnerabilities. Contrary to the common belief that zero-day vulnerabilities are the primary growth factor of the cybercrime ecosystem, numerous independent reports confirm that patched vulnerabilities are the primary exploitation vector for a cybercriminal’s malicious campaign.
Users are advised to ensure that they’re not running any outdated software or browser plugins.
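An added example, not from the original article or from Adobe: a small inventory check that flags Reader and Acrobat installs falling inside the affected ranges listed above. The host names, inventory rows and status labels are constructed for illustration; the version ceilings are the ones in the list.

```python
import re

PRODUCTS = {"reader", "acrobat"}  # both products share the same ceilings

# Highest affected version per (major branch, platform), from the
# "Affected software versions" list in this article.
AFFECTED_MAX = {
    (10, "windows"): (10, 1, 1),
    (10, "macintosh"): (10, 1, 1),
    (9, "windows"): (9, 4, 7),
    (9, "macintosh"): (9, 4, 6),
}

def parse_version(text):
    """Turn '9.4.7' or '10.1.1.33' into a 3-tuple of ints; None if unparseable."""
    m = re.fullmatch(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:\.\d+)*\s*", text)
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())

def classify(product, platform, version):
    """Return 'affected', 'not-listed' or 'unknown' for one inventory row."""
    product, platform = product.strip().lower(), platform.strip().lower()
    parsed = parse_version(version)
    if product not in PRODUCTS or parsed is None:
        return "unknown"  # cannot decide: wrong product or unreadable version
    ceiling = AFFECTED_MAX.get((parsed[0], platform))
    if ceiling is None:
        # Branch or platform the list does not cover (e.g. 8.x): review separately.
        return "not-listed"
    return "affected" if parsed <= ceiling else "not-listed"

# Constructed sample rows: host, product, platform, version.
INVENTORY = [
    ("ws-01", "Reader", "Windows", "10.1.1"),
    ("ws-02", "Reader", "Windows", "9.4.7"),
    ("mac-01", "Acrobat", "Macintosh", "9.4.6"),
    ("ws-03", "Reader", "Windows", "10.2.0"),
    ("ws-04", "Acrobat", "Windows", "8.3.1"),
    ("ws-05", "Reader", "Windows", "n/a"),
]

def audit(rows):
    """Map each host to its classification."""
    return {host: classify(p, plat, v) for host, p, plat, v in rows}

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

A "not-listed" result only means the version is outside the ranges this article names; it does not mean the install is current.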
Installing the updates proved problematic. On 2 Vista Business machines the update said it failed with error 1310; persistently saying try again eventually worked. On a third Vista Business machine it failed with another error, a .dll that was not accessible. Redid it and it worked. On a Win7 machine it updated with no problem.
You weren’t alone on this. We had some other people also comment that they had a hard time installing the updates and it took a few times. Good job with your persistence in getting them installed.