Critical Adobe Updates - March 2016

Published: 2016-03-08. Last Updated: 2016-03-08 21:38:19 UTC
by Rick Wanner (Version: 1)
4 comment(s)

Adobe has released updates for Acrobat and Acrobat Reader versions to address "critical vulnerabilities that could potentially allow an attacker to take control of the affected system".

According to Adobe, there are three CVE's fixed in these updates. CVE-2016-1007 and CVE-2016-1009 refer to memory corruption issues that could permit code execution.   CVE-2016-1008 refers to a resource directory search path issue that could also lead to code execution.

Both of these sound serious enough to warrant updating as soon as reasonable.

Further information can be found at:

https://helpx.adobe.com/security/products/reader/apsb16-09.html

https://helpx.adobe.com/acrobat/kb/known-issues-acrobat-dc-reader.html

http://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotes/index.html

http://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotes/11/11.0.15.html#elevenzerozerofifteen

 

-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)

Keywords: acrobat Adobe
4 comment(s)

Comments

Patch released for Flash also. One day late maybe?

Anonymous

Mar 10th 2016
8 years ago

Looks like the Flash player updates were released today (Thursday 2016-03-10).
https://helpx.adobe.com/security/products/flash-player/apsb16-08.html

Anonymous

Mar 10th 2016
8 years ago

To possibly help anyone deploying the Reader 11 security patch and writing detection logic for it - the acrord32.exe file doesn't seem to be touched, and is still 11.0.14 from December. Acrord32.dll, however, is updated to 11.0.15, as well as some other files.

Anonymous

Mar 11th 2016
8 years ago

Adobe just released Flash 21.0.0.197

Anonymous

Mar 24th 2016
8 years ago

Login here to join the discussion.


Top of page
Diary Archives