Critical Adobe Updates - March 2016

Published: 2016-03-08
Last Updated: 2016-03-08 21:38:19 UTC
by Rick Wanner (Version: 1)
4 comment(s)

Adobe has released updates for Acrobat and Acrobat Reader versions to address "critical vulnerabilities that could potentially allow an attacker to take control of the affected system".

According to Adobe, three CVEs are fixed in these updates. CVE-2016-1007 and CVE-2016-1009 refer to memory corruption issues that could permit code execution. CVE-2016-1008 refers to a resource directory search path issue that could also lead to code execution.

Both kinds of issue sound serious enough to warrant updating as soon as reasonable.

Further information can be found at:

https://helpx.adobe.com/security/products/reader/apsb16-09.html

https://helpx.adobe.com/acrobat/kb/known-issues-acrobat-dc-reader.html

http://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotes/index.html

http://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotes/11/11.0.15.html#elevenzerozerofifteen

 

-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)

Keywords: acrobat Adobe

Comments

Patch released for Flash also. One day late maybe?
Looks like the Flash player updates were released today (Thursday 2016-03-10).
https://helpx.adobe.com/security/products/flash-player/apsb16-08.html
To possibly help anyone deploying the Reader 11 security patch and writing detection logic for it - the acrord32.exe file doesn't seem to be touched, and is still 11.0.14 from December. Acrord32.dll, however, is updated to 11.0.15, as well as some other files.
Adobe just released Flash 21.0.0.197
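
A patch-state check for the Reader 11 track that follows the comment above about acrord32.exe staying at 11.0.14 while Acrord32.dll moves to 11.0.15. This is an added example, not code from the diary or from the commenter. The install directory and the function names are assumptions.

```powershell
# Added example: Reader 11 patch detection keyed on AcroRd32.dll, not the EXE.
# ASSUMPTION: default install directory; adjust for your environment.
param(
    [string]$ReaderDir = "${env:ProgramFiles(x86)}\Adobe\Reader 11.0\Reader"
)

# Patched DLL version as reported in the comment thread.
$Fixed = New-Object System.Version 11, 0, 15

function Get-PEVersion {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $null }
    $vi = (Get-Item -LiteralPath $Path).VersionInfo
    # Use the numeric parts; the FileVersion string can carry extra text.
    New-Object System.Version $vi.FileMajorPart, $vi.FileMinorPart,
                              $vi.FileBuildPart, $vi.FilePrivatePart
}

function Get-ReaderPatchState {
    param([string]$Dir)
    $dll = Get-PEVersion (Join-Path $Dir 'AcroRd32.dll')
    $exe = Get-PEVersion (Join-Path $Dir 'AcroRd32.exe')

    if ($null -eq $dll)        { $state = 'NotInstalled' }
    elseif ($dll.Major -ne 11) { $state = 'OtherTrack' }   # not covered by this check
    elseif ($dll -ge $Fixed)   { $state = 'Patched' }
    else                       { $state = 'NeedsUpdate' }

    [pscustomobject]@{
        Computer   = $env:COMPUTERNAME
        Directory  = $Dir
        DllVersion = $dll
        ExeVersion = $exe
        State      = $state
        # True when a rule keyed on the EXE would report an older version
        # than the DLL, i.e. the false negative the comment warns about.
        ExeLagsDll = ($null -ne $exe -and $null -ne $dll -and $exe -lt $dll)
    }
}

Get-ReaderPatchState -Dir $ReaderDir
```

On a patched Reader 11 host the result should show `State` as `Patched` with `ExeLagsDll` set to `True`, which is why a deployment rule that reads only the EXE version would keep flagging the machine.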
