Adobe Reader and Acrobat 10.1.1 security updates
Report ID: AD201109001
Date Published: 13 September 2011
Compromise Type: privilege-escalation remote-code-execution
Compromise From: local-system remote
Adobe Reader X (10.1)
Adobe Reader 9.4.5
Adobe Reader 8.3
Adobe Acrobat X (10.1)
Adobe Acrobat 9.4.5
Adobe Acrobat 8.3
Security updates for Adobe Reader X (10.1.1) and Adobe Acrobat X (10.1.1) have been released to address multiple vulnerabilities found in the prior versions.
Adobe has introduced security fixes in Adobe Reader X (10.1.1) and Adobe Acrobat X (10.1.1) to resolve multiple vulnerabilities identified in the prior version of the products.
Thirteen total vulnerabilities were identified, twelve of which could be exploited to execute arbitrary code. One vulnerability only affects Adobe Reader X on Windows. It could lead to privilege escalation, and has to be exploited from the local system.
To protect from potential exploit of these vulnerabilities, users are recommended to update to Adobe Reader X (10.1.1) and/or Adobe Acrobat X (10.1.1). Users of Adobe Reader and Adobe Acrobat version 9.4.5 and 8.3 are recommended to update to the latest version (9.4.6 and 8.3.1).
CVE-2011-1353, CVE-2011-2431, CVE-2011-2432, CVE-2011-2433, CVE-2011-2434, CVE-2011-2435, CVE-2011-2436, CVE-2011-2437, CVE-2011-2438, CVE-2011-2439, CVE-2011-2440, CVE-2011-2441, CVE-2011-2442
Update to the latest version of applicable product:
- Acrobat Standard and Pro on Windows
- Acrobat Pro Extended on Windows
- Acrobat 3D on Windows
- Acrobat Pro users on Macintosh
NOTE: Adobe Reader 9.4.6 for UNIX is scheduled for release on 7 November 2011.