Adobe patches critical flaws in Reader, Acrobat, Flash Player and Illustrator

All of the security updates address remote code execution vulnerabilities

Adobe Systems released critical security updates for several products Tuesday in order to fix vulnerabilities that could allow attackers to take remote control of systems running the vulnerable software.

The products that received security patches were Flash Player, the Adobe AIR SDK (software development kit) and Compiler for building rich Internet applications, Adobe Reader, Adobe Acrobat, and Adobe Illustrator for CS6 (Creative Suite 6).

While security updates for Flash Player, AIR, Reader and Acrobat are released on a monthly basis, security patches for Illustrator, especially critical ones, are rare, the previous one being released two years ago.

In a security advisory Adobe said that the new Illustrator hotfix addresses a vulnerability that could be exploited to gain remote code execution on the affected system, but didn't specify how. The company recommends that users of Adobe Illustrator on Windows and Mac upgrade to the newly released 16.2.2 or 16.0.5 versions, depending on whether they're on a subscription or not.

The new Flash Player versions released Tuesday, 13.0.0.214 for Windows and Mac and 11.2.202.359 for Linux, fix a total of six vulnerabilities. One of them, identified as CVE-2014-0510, could result in arbitrary code execution and was demonstrated by members of Keen Team and Team 509 during the Pwn2Own hacking competition in March.

One of the other patched vulnerabilities could be exploited to bypass the same origin policy, an important security feature that prevents content loaded from different websites from interacting with each other, and the remaining four could be used to bypass different security protections in the program.

The Flash Player versions distributed with Google Chrome, Internet Explorer 10 and Internet Explorer 11 will automatically be updated through the update mechanisms of those browsers.

The same vulnerabilities were also fixed in the newly released Adobe AIR 13.0.0.111 SDK and Adobe AIR 13.0.0.111 SDK and Compiler, which bundle Flash Player.

Adobe Reader and Acrobat X and XI were updated to versions 11.0.07 and 10.1.10 in order to fix ten remote code execution flaws, one sandbox bypass and one information disclosure vulnerability. One remote code execution flaw, CVE-2014-0511, and the sandbox bypass, CVE-2014-0512, were used by a team from French vulnerability research firm Vupen during the Pwn2Own contest.

The Adobe Reader and Flash security updates received a priority rating of 1 from Adobe. This indicates that the company considers them to be easily exploitable once the patches have been reverse engineered, said Wolfgang Kandek, the chief technology officer at Qualys, via email. "Note that Adobe also does not provide patches for Windows XP anymore."

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags patchessecurityAdobe Systemspatch managementExploits / vulnerabilitiesqualys

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Cool Tech

Breitling Superocean Heritage Chronographe 44

Learn more >

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?