Share

Related Stories

Top 5 Stories

News

Adobe plugs security holes in Reader and Acrobat, adds free e-signature to Reader

10 April 2012

Adobe has shipped updates for Reader and Acrobat that fix four security holes that could cause the application to crash and allow an attacker to take control of an affected system.

The security update covers Adobe Reader X (10.1.2) and earlier versions for Windows and Mac, Adobe Reader 9.4.6 and earlier 9.x versions for Linux, and Adobe Acrobat X (10.1.2) and earlier versions for Windows and Mac.

The update plugs four vulnerabilities: an integer overflow in True Type font handling that could lead to code execution (CVE-2012-0774); a memory corruption in JavaScript handling that could lead to code execution (CVE-2012-0775); a security bypass via the Adobe Reader installer that could lead to code execution (CVE-2012-0776); and a memory corruption in the JavaScript API that could lead to code execution (CVE-2012-0777 - Macintosh and Linux only).

Adobe acknowledged the help of Peter Vreugdenhil of HP DVLabs, Soroush Dalili, Mitja Kolsek of ACROS Security, and James Quirk of Los Alamos for reporting and working with Adobe to fix the vulnerabilities.

In addition to the security fixes, Adobe has added a free e-signature feature to Reader so that users can now sign, send, and manage documents from both the desktop and mobile versions of the program.

Adobe Reader X (version 10.1.3) for desktop offers new signature functionality with Adobe EchoSign that lets users choose how they want to electronically sign a document, either by drawing their signature or by adding a typed or cursive signature. Also available is the latest version of Adobe Reader for mobile, which now lets users electronically sign a document by simply drawing their signature.
 

This article is featured in:
Application Security  •  Internet and Network Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×