Adobe plugs security holes in Reader and Acrobat, adds free e-signature to Reader

The security update covers Adobe Reader X (10.1.2) and earlier versions for Windows and Mac, Adobe Reader 9.4.6 and earlier 9.x versions for Linux, and Adobe Acrobat X (10.1.2) and earlier versions for Windows and Mac.

The update plugs four vulnerabilities: an integer overflow in TrueType font handling that could lead to code execution (CVE-2012-0774); a memory corruption flaw in JavaScript handling that could lead to code execution (CVE-2012-0775); a security bypass via the Adobe Reader installer that could lead to code execution (CVE-2012-0776); and a memory corruption flaw in the JavaScript API that could lead to code execution (CVE-2012-0777, Macintosh and Linux only).

Adobe acknowledged the help of Peter Vreugdenhil of HP DVLabs, Soroush Dalili, Mitja Kolsek of ACROS Security, and James Quirk of Los Alamos for reporting and working with Adobe to fix the vulnerabilities.

In addition to the security fixes, Adobe has added a free e-signature feature to Reader so that users can now sign, send, and manage documents from both the desktop and mobile versions of the program.

Adobe Reader X (version 10.1.3) for desktop offers new signature functionality with Adobe EchoSign that lets users choose how they want to electronically sign a document, either by drawing their signature or by adding a typed or cursive signature. Also available is the latest version of Adobe Reader for mobile, which now lets users electronically sign a document by simply drawing their signature.
 
