Release date: August 12, 2014
Vulnerability identifier: APSB14-19
Priority: See table below
CVE numbers: CVE-2014-0546
Platform: Windows
Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.07) and earlier versions for Windows. These updates address a vulnerability that could allow an attacker to circumvent sandbox protection on the Windows platform. Adobe Reader and Acrobat for Apple's OS X are not affected.
Adobe is aware of evidence that indicates an exploit in the wild is being used in limited, isolated attacks targeting Adobe Reader users on Windows. Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Reader XI (11.0.07) and earlier versions for Windows should update to version 11.0.08.
- For users of Adobe Reader X (10.1.10) and earlier versions for Windows, who cannot update to version 11.0.08, Adobe has made available version 10.1.11.
- Users of Adobe Acrobat XI (11.0.07) and earlier versions for Windows should update to version 11.0.08.
- For users of Adobe Acrobat X (10.1.10) and earlier versions for Windows, who cannot update to version 11.0.08, Adobe has made available version 10.1.11.
- Adobe Reader XI (11.0.07) and earlier 11.x versions for Windows
- Adobe Reader X (10.1.10) and earlier 10.x versions for Windows
- Adobe Acrobat XI (11.0.07) and earlier 11.x versions for Windows
- Adobe Acrobat X (10.1.10) and earlier 10.x versions for Windows
Adobe recommends users update their software installations by following the instructions below:
Adobe Reader
Users on Windows can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates.
Adobe Reader users on Windows can also find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows
Adobe Acrobat
Users can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates.
Acrobat Standard and Pro users on Windows can also find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
Acrobat Pro Extended users on Windows can also find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
Adobe categorizes these updates with the following priority ratings and recommends users update their installations to the newest versions:
Product | Updated Version | Platform | Priority rating |
---|---|---|---|
Adobe Reader | XI (11.0.08) |
Windows |
1 |
Adobe Reader | X (10.1.11) |
Windows | 1 |
Adobe Acrobat | XI (11.0.08) |
Windows |
1 |
Adobe Acrobat |
X (10.1.11) |
Windows |
1 |
These updates address critical vulnerabilities in the software.
Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.07) and earlier versions for Windows. These updates address a vulnerability that could allow an attacker to circumvent sandbox protection on the Windows platform. Adobe Reader and Acrobat for Apple's OS X are not affected.
Adobe is aware of evidence that indicates an exploit in the wild is being used in limited, isolated attacks targeting Adobe Reader users on Windows. Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Reader XI (11.0.07) and earlier versions for Windows should update to version 11.0.08.
- For users of Adobe Reader X (10.1.10) and earlier versions for Windows, who cannot update to version 11.0.08, Adobe has made available version 10.1.11.
- Users of Adobe Acrobat XI (11.0.07) and earlier for Windows should update to version 11.0.08.
- For users of Adobe Acrobat X (10.1.10) and earlier versions for Windows, who cannot update to version 11.0.08, Adobe has made available version 10.1.11.
These updates resolve a sandbox bypass vulnerability that could be exploited to run native code with escalated privileges on Windows (CVE-2014-0546).