Adobe Reader and Acrobat 10.1.1 security updates
Report ID: AD201109001
Date Published: 13 September 2011
Criticality: Critical
Compromise Type: privilege-escalation remote-code-execution
Compromise From: local-system remote
Affected Product/Component:
Adobe Reader X (10.1)
Adobe Reader 9.4.5
Adobe Reader 8.3
Adobe Acrobat X (10.1)
Adobe Acrobat 9.4.5
Adobe Acrobat 8.3
Summary
Security updates for Adobe Reader X (10.1.1) and Adobe Acrobat X (10.1.1) have been released to address multiple vulnerabilities found in the prior versions.
Detailed Description
Adobe has introduced security fixes in Adobe Reader X (10.1.1) and Adobe Acrobat X (10.1.1) to resolve multiple vulnerabilities identified in the prior version of the products.
Thirteen total vulnerabilities were identified, twelve of which could be exploited to execute arbitrary code. One vulnerability only affects Adobe Reader X on Windows. It could lead to privilege escalation, and has to be exploited from the local system.
To protect from potential exploit of these vulnerabilities, users are recommended to update to Adobe Reader X (10.1.1) and/or Adobe Acrobat X (10.1.1). Users of Adobe Reader and Adobe Acrobat version 9.4.5 and 8.3 are recommended to update to the latest version (9.4.6 and 8.3.1).
CVE Reference
CVE-2011-1353, CVE-2011-2431, CVE-2011-2432, CVE-2011-2433, CVE-2011-2434, CVE-2011-2435, CVE-2011-2436, CVE-2011-2437, CVE-2011-2438, CVE-2011-2439, CVE-2011-2440, CVE-2011-2441, CVE-2011-2442
Solution
Update to the latest version of applicable product:
Adobe Reader
Adobe Acrobat
- Acrobat Standard and Pro on Windows
- Acrobat Pro Extended on Windows
- Acrobat 3D on Windows
- Acrobat Pro users on Macintosh
NOTE: Adobe Reader 9.4.6 for UNIX is scheduled for release on 7 November 2011.
