Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: Critical Adobe Updates - March 2016 - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Critical Adobe Updates - March 2016

Adobe has released updates for Acrobat and Acrobat Reader versions to address "critical vulnerabilities that could potentially allow an attacker to take control of the affected system".

According to Adobe, there are three CVE's fixed in these updates. CVE-2016-1007 and CVE-2016-1009 refer to memory corruption issues that could permit code execution.   CVE-2016-1008 refers to a resource directory search path issue that could also lead to code execution.

Both of these sound serious enough to warrant updating as soon as reasonable.

Further information can be found at:

https://helpx.adobe.com/security/products/reader/apsb16-09.html

https://helpx.adobe.com/acrobat/kb/known-issues-acrobat-dc-reader.html

http://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotes/index.html

http://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotes/11/11.0.15.html#elevenzerozerofifteen

 

-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)

Rick

290 Posts
ISC Handler
Patch released for Flash also. One day late maybe?
Paul Szabo

13 Posts
Looks like the Flash player updates were released today (Thursday 2016-03-10).
helpx.adobe.com/security/products/flash-player/…
Brad

334 Posts
ISC Handler
To possibly help anyone deploying the Reader 11 security patch and writing detection logic for it - the acrord32.exe file doesn't seem to be touched, and is still 11.0.14 from December. Acrord32.dll, however, is updated to 11.0.15, as well as some other files.
Jaybone

27 Posts
Adobe just released Flash 21.0.0.197
ELBE

13 Posts

Sign Up for Free or Log In to start participating in the conversation!