Adobe Reader 9.4.0

Once again an out-of-band security update for Adobe Reader. It patches 23 vulnerabilities, including the zero-day vulnerability that internet criminals had already been exploiting for several weeks. The regular update round of 12 October is cancelled as a result.

Because of the many zero-day vulnerabilities (vulnerabilities that are already being exploited by attackers and for which no update exists yet) in Adobe Reader, vendor Adobe appears to be forced to abandon its quarterly update cycle. Whether there will be a monthly update, or whether Adobe is relying on the protective sandbox being developed for the PDF reader, is not yet known.

Adobe Reader 9.4.0 is available for Windows, Mac OS X and Linux.

Release notes:
This update resolves a font-parsing input validation vulnerability that could lead to code execution (CVE-2010-2883).
Note: There are reports that this issue is being actively exploited in the wild.
This update resolves a memory corruption vulnerability in the authplay.dll component that could lead to code execution (CVE-2010-2884).
This update resolves multiple potential Linux-only privilege escalation issues (CVE-2010-2887).
This update resolves multiple input validation errors that could lead to code execution (Windows, ActiveX only) (CVE-2010-2888).
This update resolves a font-parsing input validation vulnerability that could lead to code execution (CVE-2010-2889).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2890).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-3619).
This update resolves an image-parsing input validation vulnerability that could lead to code execution (CVE-2010-3620).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-3621).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-3622).
This update resolves a memory corruption vulnerability that could lead to code execution (Macintosh platform only) (CVE-2010-3623).
This update resolves an image-parsing input validation vulnerability that could lead to code execution (Macintosh platform only) (CVE-2010-3624).
This update resolves a prefix protocol handler vulnerability that could lead to code execution (CVE-2010-3625).
This update resolves a font-parsing input validation vulnerability that could lead to code execution (CVE-2010-3626).
This update resolves an input validation vulnerability that could lead to code execution (CVE-2010-3627).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-3628).
This update resolves an image-parsing input validation vulnerability that could lead to code execution (CVE-2010-3629).
This update resolves a denial of service vulnerability; arbitrary code execution has not been demonstrated, but may be possible (CVE-2010-3630).
This update resolves an array-indexing vulnerability that could lead to code execution (Macintosh platform only) (CVE-2010-3631).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-3632).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-3658).
This update resolves a denial of service issue (CVE-2010-3656).
This update resolves a denial of service issue (CVE-2010-3657).
