The quarterly release for Adobe Reader and Acrobat came out today. It resolves critical security vulnerabilities that were put off since the Protected Mode in Reader and Acrobat X should have neutralized the threats. In addition to version 10.1.2 of Reader and Acrobat now being available, version 9.5 was also release for both titles.
Along with the patches detailed in today’s security bulletin, today’s Adobe Reader blog post introduced the new or updated features with today’s release. They include:
- Further integration of Adobe EchoSign
- A new print dialog
- The ability to export PDF files to Word or Excel
- JavaScript Whitelisting
- A workaround for incompatibility with Safari 5.1
Expanding on the ability to whitelist Javascript, an ASSET blog post was published today on the topic.
The security updates resolved:
These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2011-4370).
These updates resolve a heap corruption vulnerability that could lead to code execution (CVE-2011-4371).
These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2011-4372).
These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2011-4373).
These updates include fixes for CVE-2011-2462 and CVE-2011-4369, previously addressed in Adobe Reader and Acrobat 9.x for Windows as referenced in Security Bulletin APSB11-30.
These updates also incorporate the Adobe Flash Player update as noted in Security Bulletin APSB11-28.
The next quarterly update is scheduled for April 10th, 2012.