Adobe Releases Updates for Adobe Acrobat and Reader

Adobe has released version 10.1.1 to address critical vulnerabilities in Adobe Acrobat and Adobe Reader. Today’s updates also include version 9.4.6 and 8.3.1 for previous versions. Adobe Acrobat 8 and Reader 8 will stop being supported November 3rd.

The Security Bulletin partnered with this release details the vulnerabilities addressed with today’s update:

These updates resolve a local privilege-escalation vulnerability (Adobe Reader X (10.x) on Windows only) (CVE-2011-1353).

These updates resolve a security bypass vulnerability that could lead to code execution (CVE-2011-2431).

These updates resolve a buffer overflow vulnerability in the U3D TIFF Resource that could lead to code execution (CVE-2011-2432).

These updates resolve a heap overflow vulnerability that could lead to code execution (CVE-2011-2433).

These updates resolve a heap overflow vulnerability that could lead to code execution (CVE-2011-2434).

These updates resolve an buffer overflow vulnerability that could lead to code execution (CVE-2011-2435).

These updates resolve a heap overflow vulnerability in the Adobe image parsing library that could lead to code execution (CVE-2011-2436).

These updates resolve a heap overflow vulnerability that could lead to code execution (CVE-2011-2437).

These updates resolve three stack overflow vulnerabilities in the Adobe image parsing library that could lead to code execution (CVE-2011-2438).

These updates resolve a memory leakage condition vulnerability that could lead to code execution (CVE-2011-2439).

These updates resolve a use-after-free vulnerability that could lead to code execution (CVE-2011-2440).

These updates resolve two stack overflow vulnerabilities in the CoolType.dll library that could lead to code execution (CVE-2011-2441).

These updates resolve a logic error vulnerability that could lead to code execution (CVE-2011-2442).

These updates also incorporate the Adobe Flash Player updates as noted in Security Bulletin APSB11-21.