Adobe has released version 10.1.1 to address critical vulnerabilities in Adobe Acrobat and Adobe Reader. Today’s updates also include version 9.4.6 and 8.3.1 for previous versions. Adobe Acrobat 8 and Reader 8 will stop being supported November 3rd.
The Security Bulletin partnered with this release details the vulnerabilities addressed with today’s update:
These updates resolve a local privilege-escalation vulnerability (Adobe Reader X (10.x) on Windows only) (CVE-2011-1353).
These updates resolve a security bypass vulnerability that could lead to code execution (CVE-2011-2431).
These updates resolve a buffer overflow vulnerability in the U3D TIFF Resource that could lead to code execution (CVE-2011-2432).
These updates resolve a heap overflow vulnerability that could lead to code execution (CVE-2011-2433).
These updates resolve a heap overflow vulnerability that could lead to code execution (CVE-2011-2434).
These updates resolve an buffer overflow vulnerability that could lead to code execution (CVE-2011-2435).
These updates resolve a heap overflow vulnerability in the Adobe image parsing library that could lead to code execution (CVE-2011-2436).
These updates resolve a heap overflow vulnerability that could lead to code execution (CVE-2011-2437).
These updates resolve three stack overflow vulnerabilities in the Adobe image parsing library that could lead to code execution (CVE-2011-2438).
These updates resolve a memory leakage condition vulnerability that could lead to code execution (CVE-2011-2439).
These updates resolve a use-after-free vulnerability that could lead to code execution (CVE-2011-2440).
These updates resolve two stack overflow vulnerabilities in the CoolType.dll library that could lead to code execution (CVE-2011-2441).
These updates resolve a logic error vulnerability that could lead to code execution (CVE-2011-2442).
These updates also incorporate the Adobe Flash Player updates as noted in Security Bulletin APSB11-21.
You can download the Adobe Reader 10.1.1 setup.exe and the Acrobat 10.1.1 .msp update from the Adobe FTP server.
The next quarterly security updates for Adobe Reader and Acrobat are currently scheduled for December 13, 2011.