Adobe patches critical flaws in Reader, Acrobat, Flash Player and Illustrator

All of the security updates address remote code execution vulnerabilities

Adobe Systems released critical security updates for several products Tuesday in order to fix vulnerabilities that could allow attackers to take remote control of systems running the vulnerable software.

The products that received security patches were Flash Player, the Adobe AIR SDK (software development kit) and Compiler for building rich Internet applications, Adobe Reader, Adobe Acrobat, and Adobe Illustrator for CS6 (Creative Suite 6).

While security updates for Flash Player, AIR, Reader and Acrobat are released on a monthly basis, security patches for Illustrator, especially critical ones, are rare, the previous one being released two years ago.

In a security advisory Adobe said that the new Illustrator hotfix addresses a vulnerability that could be exploited to gain remote code execution on the affected system, but didn't specify how. The company recommends that users of Adobe Illustrator on Windows and Mac upgrade to the newly released 16.2.2 or 16.0.5 versions, depending on whether they're on a subscription or not.

The new Flash Player versions released Tuesday, 13.0.0.214 for Windows and Mac and 11.2.202.359 for Linux, fix a total of six vulnerabilities. One of them, identified as CVE-2014-0510, could result in arbitrary code execution and was demonstrated by members of Keen Team and Team 509 during the Pwn2Own hacking competition in March.

One of the other patched vulnerabilities could be exploited to bypass the same origin policy, an important security feature that prevents content loaded from different websites from interacting with each other, and the remaining four could be used to bypass different security protections in the program.

The Flash Player versions distributed with Google Chrome, Internet Explorer 10 and Internet Explorer 11 will automatically be updated through the update mechanisms of those browsers.

The same vulnerabilities were also fixed in the newly released Adobe AIR 13.0.0.111 SDK and Adobe AIR 13.0.0.111 SDK and Compiler, which bundle Flash Player.

Adobe Reader and Acrobat X and XI were updated to versions 11.0.07 and 10.1.10 in order to fix ten remote code execution flaws, one sandbox bypass and one information disclosure vulnerability. One remote code execution flaw, CVE-2014-0511, and the sandbox bypass, CVE-2014-0512, were used by a team from French vulnerability research firm Vupen during the Pwn2Own contest.

The Adobe Reader and Flash security updates received a priority rating of 1 from Adobe. This indicates that the company considers them to be easily exploitable once the patches have been reverse engineered, said Wolfgang Kandek, the chief technology officer at Qualys, via email. "Note that Adobe also does not provide patches for Windows XP anymore."

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags securitypatch managementqualyspatchesAdobe SystemsExploits / vulnerabilities

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Brand Post

PC World Evaluation Team Review - MSI GT75 TITAN

"I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it."

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?