APSB11-24: Security updates available for Adobe Reader and Acrobat (CVE-2011-2435)

Description

Critical vulnerabilities have been identified in Adobe Reader X (10.1) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.2 and earlier versions for UNIX, and Adobe Acrobat X (10.1) and earlier versions for Windows and Macintosh. These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system.

Adobe recommends users of Adobe Reader X (10.1) and earlier versions for Windows and Macintosh update to Adobe Reader X (10.1.1). For users of Adobe Reader 9.4.5 and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader X (10.1.1), Adobe has made available updates, Adobe Reader 9.4.6 and Adobe Reader 8.3.1. Adobe recommends users of Adobe Acrobat X (10.1) for Windows and Macintosh update to Adobe Acrobat X (10.1.1). Adobe recommends users of Adobe Acrobat 9.4.5 and earlier versions for Windows and Macintosh update to Adobe Acrobat 9.4.6, and users of Adobe Acrobat 8.3 and earlier versions for Windows and Macintosh update to Adobe Acrobat 8.3.1. Adobe Reader 9.4.6 for UNIX is currently scheduled to be released on November 7, 2011.

The next quarterly security updates for Adobe Reader and Acrobat are currently scheduled for December 13, 2011.

Note: Support for Adobe Reader 8.x and Acrobat 8.x for Windows and Macintosh will end on November 3, 2011. For more information, please see: Adobe Reader and Acrobat 8 End of Support.

Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors.