Adobe Reader XI (11.0.12) is now available for download

Adobe has released updates for Adobe Reader XI (11.0.12) for Windows and Mac, and Adobe Reader X (10.1.15) for Windows and Mac. These updates address multiple critical-risk vulnerabilities that could cause a crash and potentially allow an attacker to take over the affected system.

Adobe recommends users update their product installations to the latest versions:
  • Users of Adobe Reader XI (11.0.11) for Windows and Mac should update to Adobe Reader XI (11.0.12).
  • Users of Adobe Reader X (10.1.14) for Windows and Mac should update to Adobe Reader X (10.1.15).

Overview
Adobe Reader is the free global standard for reliably viewing, printing, and commenting on Portable Document Format (PDF) documents with its original appearance preserved. Adobe Reader allows you open and interact with all types of PDF content, including forms and multimedia.

More information about Adobe Reader XI (11.0) available here.

Download Adobe Reader XI (11.0.12):
The links in this section correspond to files available for this download. Download the files appropriate for you.

For Adobe Reader users on Windows can find the appropriate update from Adobe Reader for Windows

For Adobe Reader users on Mac can find the appropriate update from Adobe Reader for Mac

What's new in Adobe Reader XI (11.0.12)?
This update contains the following updates and fixes:

Security fixed:
This build contains the following security fixes:
  • Fixed a buffer overflow vulnerability that could lead to code execution (CVE-2015-5093). 
  • Fixed heap buffer overflow vulnerabilities that could lead to code execution (CVE-2015-5096, CVE-2015-5098, CVE-2015-5105). 
  • Fixed memory corruption vulnerabilities that could lead to code execution (CVE-2015-5087, CVE-2015-5094, CVE-2015-5100, CVE-2015-5102, CVE-2015-5103, CVE-2015-5104, CVE-2015-3095, CVE-2015-5115, CVE-2014-0566).
  • Fixed an information leak vulnerability (CVE-2015-5107). 
  • Fixed security bypass vulnerabilities that could lead to information disclosure (CVE-2015-4449, CVE-2015-4450, CVE-2015-5088, CVE-2015-5089, CVE-2015-5092, CVE-2014-8450). 
  • Fixed a stack overflow vulnerability that could lead to code execution (CVE-2015-5110).
  • Fixed use-after-free vulnerabilities that could lead to code execution (CVE-2015-4448, CVE-2015-5095, CVE-2015-5099, CVE-2015-5101, CVE-2015-5111, CVE-2015-5113, CVE-2015-5114).
  • Fixed validation bypass issues that could be exploited to perform privilege escalation from low to medium integrity level (CVE-2015-4446, CVE-2015-5090, CVE-2015-5106).
  • Fixed a validation bypass issue that could be exploited to cause a denial-of-service condition on the affected system (CVE-2015-5091). 
  • Fixed integer overflow vulnerabilities that could lead to code execution (CVE-2015-5097, CVE-2015-5108, CVE-2015-5109). 
  • Fixed various methods to bypass restrictions on JavaScript API execution (CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-4452, CVE-2015-5085, CVE-2015-5086). 
  • Fixed null-pointer dereference issues that could lead to a denial-of-service condition (CVE-2015-4443, CVE-2015-4444).

References:
Release Notes - Acrobat, Reader
Security Bulletin APSB15-15

No comments: