Adobe January 2012 Black Tuesday overview

Published: 2012-01-10. Last Updated: 2012-01-10 19:38:39 UTC
by Adrien de Beaupre (Version: 1)
7 comment(s)

Adobe has released 1 bulletin today.

The bulletin applies to the following Adobe products and versions:

  • Adobe Reader and Acrobat
    • 10.1.1 and previous
APSB12-01: Multiple vulnerabilities in the Adobe Reader and Adobe Acrobat software allow privilege escalation (Windows only) or random code execution.

| # | Affected | Known Exploits | Adobe rating |
|---|---|---|---|
| APSB12-01 | Reader & Acrobat: CVE-2011-2462, CVE-2011-4369, CVE-2011-4370, CVE-2011-4371, CVE-2011-4372, CVE-2011-4373 | Could allow for remote code execution. Update to 10.1.2 or 9.5. | Critical |

APSB11-30 and APSA11-04 were also updated.

Next scheduled Adobe security update is 10 April 2012.

Cheers,
Adrien de Beaupré
intru-shun.ca


Comments

Hi,

On reading the release docs, it appears version 8.3 isn't affected. Anyone else come to that conclusion? Are we finally doing better running an ancient version than the latest?
Looking at the revised bulletin, APSB 11-30, it appears that Linux users need an update also. Under "Affected Software":
Adobe Reader 9.4.6 and earlier 9.x versions for Windows, Macintosh and Linux

Under "Solutions":
Adobe Reader 9.x users on Linux can find the appropriate update here:
ftp://ftp.adobe.com/pub/adobe/reader/unix/9.x/.

Cheers,
Rich
Repete - Adobe end of life'd Acrobat 8.x, so there are no patches at all and there wasn't any mention of 8.x in the last security bulletin. Scary times.
After upgrading to 10.1.2 our machines (XP SP3) started duplex printing pdfs by default. After some digging, creating/changing this key fixes the problem:

[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\AVGeneral]
"iprintBookletDuplexMode"=dword:00000001

Maybe this will help someone else.
-Joel
Perhaps I've missed something, but it appears to me that it has now been 34 days since the 0-day was announced in Adobe Flash 11.1.102.55 (see http://isc.sans.edu/diary.html?storyid=12166) and there has yet to be even an acknowledgment from Adobe that they are working on the issue.
Correction,
"iDuplexMode"=dword:00000001

NOT iprintBookletDuplexMode
Sorry for the confusion.
-Joel
@Anonymous.
It's scheduled to be released two and three quarters days after you've finished patching all your Acrobat Reader installations.
