As part of its regularly scheduled quarterly security updates, Adobe patches its Reader, Acrobat, Shockwave and Flash products.
Adobe released five security bulletins as part of its quarterly security update. Three are rated "critical" and two "important."
Adobe fixed 11 vulnerabilities in Adobe Reader as part of its quarterly update released June 14. The company also resolved 24 vulnerabilities in its Shockwave Player and another serious flaw in Flash Player. The Flash Player bug could cause a crash and allow an attacker to take complete control of a system, Adobe said in its announcement.
"These vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system," Adobe said.
Adobe patched Adobe Reader X and Acrobat X for Windows and Mac (APSB11-16), corresponding fixes in 8.x and 9.x versions, Shockwave Player for Windows and Mac (APSB11-17), and Flash Player (APSB11-1 for Windows, Mac OS X, Linux and Solaris. An updated version of the Flash Player for Android is expected later in the week, Adobe said. Important vulnerabilities in ColdFusion (APSB11-14), LiveCycle Data Services, LiveCycle ES and Blaze DS (APSB11-15) were also closed for Windows, Mac OS X and Unix versions.
"Some of these fixes have been a long wait for administrators," said Jason Miller, manager of research and development at VMware.
Several of the zero-day vulnerabilities that were resolved in Adobe Reader X in this update were addressed for 8.x and 9.x versions in March and April. Adobe had chosen to not update Reader X at the time because the sandbox technology in the latest version trapped the exploits and prevented them from executing. The vulnerabilities were exploited in the wild against older versions while Reader X remained unpatched, Miller said.
Continued : http://www.eweek.com/c/a/Security/Adobe-Fixes-36-Critical-Bugs-in-Quarterly-Security-Update-406821
Adobe Product Security Updates Available
VULNERABILITIES / FIXES - June 15, 2011