Adobe released the promised security fixes for Adobe Reader and Acrobat 9.x for Windows

We have discussed in details the problems created by the recent exploits in two separate posts here  (Security Advisory for Adobe Reader and Acrobat (Update) and Brief analysis of the Adobe vulnerability ).

On Friday, Adobe published the fixes for the vulnerabilities CVE-2011-2462, referenced in Security Advisory APSA11-04, and CVE-2011-4369 which could cause a crash and potentially allow an attacker to take control of the affected system.

The updates address these vulnerabilities in Adobe Reader and Acrobat 9.x for Windows. We recommend users of Adobe Reader and Acrobat 9.4.6 to update to the latest version available on the website.

Adobe Reader X Protected Mode and Adobe Acrobat X Protected View prevent an exploit of the type currently targeting these vulnerabilities (CVE-2011-2462 and CVE-2011-4369) from executing. Because of this, Adobe is planning to address these issues in Adobe Reader and Acrobat X for Windows with the next quarterly security update for Adobe Reader and Acrobat, scheduled for January 10, 2012.


Sorin Mustaca

Data Security Expert