Adobe Fixes Eight Critical Vulnerabilities in Adobe and Acrobat Reader

Adobe has issued a new patch for Adobe and Acrobat Reader to fix eight critical-rated vulnerabilities that could lead to a remote-code-execution attack, according to the Adobe APSB14-20 security bulletin.

The vulnerabilities occur on both Windows and OSX operating systems.

“These updates address vulnerabilities that could potentially allow an attacker to take over the affected system. Adobe recommends users update their product installations to the latest versions,” the advisory said.

Image Credit: Adobe Reader Presentation web page

The newly issued patch resolves the following vulnerabilities:

CVE-2014-0560 – Use-after-free vulnerability on Windows and OSX that allows arbitrary code execution

CVE-2014-0561 – Heap-based buffer overflow vulnerability on Windows and OSX that allows arbitrary code execution

CVE-2014-0562 – Cross-site scripting (XSS) vulnerability on Windows and OSX that allows arbitrary web script injection

CVE-2014-0563 – Memory corruption on Windows and OSX that can cause a denial of service vulnerability

CVE-2014-0565 – Memory corruption vulnerabilities on Windows and OSX that allow arbitrary code execution

CVE-2014-0566 – Memory corruption vulnerabilities on Windows and OSX that allow arbitrary code execution

CVE-2014-0567 – Heap-based buffer overflow vulnerability on Windows and OSX that allows arbitrary code execution

CVE-2014-0568 – Sandbox protection bypass vulnerability on Windows that allows an attacker to execute native code in privileged context

The eight critical vulnerabilities have been assigned a level 1 priority rating for fixing.

Windows and OSX Acrobat and Adobe Reader users are advised to update to version 12.1.12 if they have a 10.X version or to version 11.0.09 if the installed version is 11.X.