Date: 11 January 2012
References: ESB-2011.1199 ESB-2011.1264.2 ESB-2012.0047 ESB-2012.0046
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2011.1264.2
Security updates available for Adobe Reader and Acrobat
11 January 2012
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product:           Adobe Reader
                   Adobe Acrobat
Publisher:         Adobe
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2011-4369 CVE-2011-2462
Reference:         ESB-2012.0046
                   ESB-2011.1264
                   ESB-2011.1199
Original Bulletin:
  http://www.adobe.com/support/security/bulletins/apsb11-30.html
Revision History:  January 11 2012: Added information on Security Bulletin
                                    APSB12-01 and information on Linux version
                   December 19 2011: Initial Release
- --------------------------BEGIN INCLUDED TEXT--------------------
Security updates available for Adobe Reader and Acrobat 9.x for Windows
Release date: December 16, 2011
Last updated: January 10, 2012
Vulnerability identifier: APSB11-30
CVE number: CVE-2011-2462, CVE-2011-4369
Platform: Windows, Macintosh and Linux
Summary
There have been reports of two critical vulnerabilities being actively
exploited in limited, targeted attacks in the wild against Adobe Reader 9.x on
Windows. These vulnerabilities (CVE-2011-2462, referenced in Security Advisory
APSA11-04, and CVE-2011-4369) could cause a crash and potentially allow an
attacker to take control of the affected system.
Adobe Reader X Protected Mode and Adobe Acrobat X Protected View would prevent
an exploit of the type currently targeting these vulnerabilities (CVE-2011-2462
and CVE-2011-4369) from executing.
Adobe recommends users of Adobe Reader X (10.1.1) and earlier versions for
Windows and Macintosh update to Adobe Reader X (10.1.2). Adobe recommends users
of Adobe Acrobat X (10.1.1) for Windows and Macintosh update to Adobe Acrobat X
(10.1.2). For more information, please refer to Security Bulletin APSB12-01.
Adobe recommends users of Adobe Reader 9.4.6 and earlier 9.x versions for Linux
update to Adobe Reader 9.4.7.
Affected software versions
Adobe Reader X (10.1.1) and earlier 10.x versions for Windows and Macintosh
Adobe Reader 9.4.6 and earlier 9.x versions for Windows, Macintosh and Linux
Adobe Acrobat X (10.1.1) and earlier 10.x versions for Windows and Macintosh
Adobe Acrobat 9.4.6 and earlier 9.x versions for Windows and Macintosh
*Note: Adobe Reader for Android and Adobe Flash Player are not affected by these
issues.
Solution
Adobe recommends users of Adobe Reader X (10.1.1) and earlier versions for
Windows and Macintosh update to Adobe Reader X (10.1.2). Adobe recommends users
of Adobe Acrobat X (10.1.1) for Windows and Macintosh update to Adobe Acrobat X
(10.1.2). For more information, please refer to Security Bulletin APSB12-01.
Adobe Reader 9.x users on Linux can find the appropriate update here:
ftp://ftp.adobe.com/pub/adobe/reader/unix/9.x/.
Severity rating
Adobe categorizes these as critical updates and recommends that users apply the
latest updates for their product installations by following the instructions in
the "Solution" section above.
Details
There have been reports of two critical vulnerabilities being actively exploited
in limited, targeted attacks in the wild against Adobe Reader 9.x on Windows.
These vulnerabilities (CVE-2011-2462, referenced in Security Advisory APSA11-04,
and CVE-2011-4369) could cause a crash and potentially allow an attacker to take
control of the affected system.
Adobe Reader X Protected Mode and Adobe Acrobat X Protected View would prevent
an exploit of the type currently targeting these vulnerabilities (CVE-2011-2462
and CVE-2011-4369) from executing.
Adobe recommends users of Adobe Reader X (10.1.1) and earlier versions for
Windows and Macintosh update to Adobe Reader X (10.1.2). Adobe recommends users
of Adobe Acrobat X (10.1.1) for Windows and Macintosh update to Adobe Acrobat X
(10.1.2). For more information, please refer to Security Bulletin APSB12-01.
Adobe recommends users of Adobe Reader 9.4.6 and earlier 9.x versions for Linux
update to Adobe Reader 9.4.7.
These updates resolve a memory corruption vulnerability in the U3D component
that could lead to code execution (CVE-2011-2462).
These updates resolve a memory corruption vulnerability in the PRC component
that could lead to code execution (CVE-2011-4369).
The Adobe Reader and Acrobat for Windows and Macintosh updates also incorporate
the Adobe Flash Player update as noted in Security Bulletin APSB11-28.
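The U3D and PRC components named above are the parsers for 3D content that a PDF reaches through a 3D annotation (/Subtype /3D) and its data stream (/Type /3D with /Subtype /U3D or /PRC). The following Python scanner is an added triage example, not Adobe's or AusCERT's code: it flags PDFs that carry that attack surface, including when the annotation dictionary is hidden inside a FlateDecode object stream or the /Subtype name is written with #xx escapes. It does not detect the specific memory-corruption bugs; it identifies files worth quarantining, or opening only under Reader X Protected Mode, while the 9.x and 10.1.1 installations above are still being patched. The sample PDFs are constructed inline for the demonstration.

```python
"""Triage scanner for PDFs carrying U3D or PRC 3D content (the components fixed in APSB11-30).

Added example, not Adobe's or AusCERT's code. It flags the 3D attack surface, not the
specific bugs. Sample PDFs are constructed inline.
"""
import re
import zlib

# Dictionary tokens that reveal 3D content. PDF names may be written with #xx
# escapes (/P#52C == /PRC), so inputs are normalised with decode_pdf_names first.
INDICATORS = {
    "PRC 3D stream": re.compile(rb"/Subtype\s*/PRC(?![0-9A-Za-z])"),
    "U3D 3D stream": re.compile(rb"/Subtype\s*/U3D(?![0-9A-Za-z])"),
    "3D annotation": re.compile(rb"/Subtype\s*/3D(?![0-9A-Za-z])"),
    "3D data reference (/3DD)": re.compile(rb"/3DD(?![0-9A-Za-z])"),
}

# "<< dict >> stream ... endstream"; the tempered dot stops the dictionary capture
# from running across an earlier object's endobj into the stream's own dictionary.
STREAM_RE = re.compile(rb"<<((?:(?!endobj).)*?)>>\s*stream\r?\n(.*?)\r?\nendstream", re.S)
FLATE_RE = re.compile(rb"/Filter\s*\[?\s*/FlateDecode")


def decode_pdf_names(data: bytes) -> bytes:
    """Undo #xx escapes in name tokens, a common way to hide /PRC or /U3D from grep."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)


def inflate_streams(data: bytes):
    """Return the inflated body of every FlateDecode stream (object streams included).

    decompressobj tolerates a wrong /Length or trailing junk; undecodable streams are skipped.
    """
    bodies = []
    for m in STREAM_RE.finditer(data):
        if FLATE_RE.search(decode_pdf_names(m.group(1))):
            try:
                bodies.append(zlib.decompressobj().decompress(m.group(2)))
            except zlib.error:
                continue
    return bodies


def scan_pdf(data: bytes) -> dict:
    """Map each indicator to its hit count across the raw file and every inflated stream."""
    regions = [decode_pdf_names(data)] + [decode_pdf_names(b) for b in inflate_streams(data)]
    hits = {}
    for label, rx in INDICATORS.items():
        count = sum(len(rx.findall(region)) for region in regions)
        if count:
            hits[label] = count
    return hits


def _pdf(objects: bytes) -> bytes:
    """Wrap constructed objects in a minimal PDF skeleton (catalog, empty page tree, trailer)."""
    return (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
            b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n"
            + objects + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n")


def build_sample_pdf() -> bytes:
    """Constructed sample: a 3D annotation hidden in a compressed object stream, plus a
    PRC data stream whose /Subtype is obfuscated with a #xx escape."""
    annot = b"4 0 << /Type /Annot /Subtype /3D /Rect [0 0 100 100] /3DD 5 0 R >>"
    packed = zlib.compress(annot)
    objstm = (b"3 0 obj\n<< /Type /ObjStm /N 1 /First 4 /Filter /FlateDecode /Length %d >>\n"
              b"stream\n" % len(packed) + packed + b"\nendstream\nendobj\n")
    prc = b"5 0 obj\n<< /Type /3D /Subtype /P#52C /Length 4 >>\nstream\nPRC!\nendstream\nendobj\n"
    return _pdf(objstm + prc)


def build_clean_pdf() -> bytes:
    """Constructed control sample with an ordinary text annotation and no 3D content."""
    return _pdf(b"3 0 obj\n<< /Type /Annot /Subtype /Text /Contents (hello) >>\nendobj\n")


if __name__ == "__main__":
    for name, doc in (("sample", build_sample_pdf()), ("clean", build_clean_pdf())):
        print(name, scan_pdf(doc) or "no 3D content")
```

Run it against a directory of inbound PDFs by reading each file as bytes into scan_pdf; any non-empty result is a file that exercises the U3D or PRC parser. The scanner deliberately does not honour /Length, because malformed lengths are themselves a common evasion; it relies on the endstream keyword and a tolerant inflater instead. Streams compressed with other filters (LZW, encrypted documents) are not inflated here and would need a full PDF parser.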
Acknowledgments
Adobe would like to thank Lockheed Martin CIRT, MITRE and members of the
Defense Security Information Exchange for reporting these issues and for
working with Adobe to help protect our customers.
Revisions
January 10, 2012 - Added information on Security Bulletin APSB12-01 and
information on Linux version.
December 16, 2011 - Bulletin released.
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----