Critical updates for Adobe Reader and Acrobat released – you can breathe again

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Critical updates for Adobe Reader and Acrobat released - you can breathe again

You can stop holding your breath now, the wait is over.

Adobe has released security updates for Acrobat and its PDF Reader software fixing critical vulnerabilities in its Windows and Mac software.

Last week, on Patch Tuesday, Adobe explained that although it was releasing security patches for Flash Player and AIR, it was delaying its scheduled security updates for Reader and Acrobat, because of issues that had sprung up during testing.

Sign up to our free newsletter.
Security news, advice, and tips.

To be honest, it was hard not to feel grateful. After all, the last thing you want is for a vendor to push out a security update that causes conflicts and potentially creates more problems than the vulnerability it is trying to patch.

But at the same time there’s always a niggling thought burrowing away at the back of your mind – Adobe knows there’s a problem with some of its most popular products, but hasn’t patched them yet. Who else might know about the flaws and be keen to exploit them?

In a support advisory published on its website, Adobe gave the security updates for Adobe Reader X, Adobe Reader XI, Adobe Acrobat X and Adobe Acrobat XI, its highest priority rating.

Adobe only rates security updates as “Priority 1” if it believes that the vulnerabilities it resolves are being targeted or have a high risk of being exploited in the wild.

The vulnerabilities themselves are definitely serious enough to make the hairs stand on the back of your neck – if exploited some of them could allow attackers to run malware on your computer, potentially without you being aware that anything untoward was happening.

The most serious bugs fixed by Adobe involve vulnerabilities that could lead to remote code execution. The remaining flaws include a sandbox bypass vulnerability, a cross-site scripting flaw on Macs, and another security hole that could lead to a five of which could lead to potentially crash systems.

Administrators are advised to install the update across their networks as soon as possible. What counts as “soon as possible”? Well, Adobe recommends that it should be done within 72 hours – but clearly the sooner the better.

That’s not necessarily something that IT teams will look forward to, of course, especially when you consider that the updates require computers to be restarted.

So don’t delay, if you use Adobe Reader or Acrobat then upgrade to version 10.1.12 or 11.0.09 as soon as possible.

Find out more, and bookmark the links to grab the updates, on Adobe’s website.

This article originally appeared on the Optimal Security blog.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.