Further to security alert A11-04-01 and the further update A11-04-01a, issued on 12.04.2011 and 18.04.2011 respectively, we would like to draw your attention to the fact that Adobe has released updated versions of Adobe Reader/Acrobat to address the issue. The updated versions also fix another memory corruption vulnerability in the "CoolType" library found in Adobe Reader/Acrobat products. The respective versions can be installed through the "Check for Updates" mechanism in Adobe Reader/Acrobat or downloaded from the following URLs:
- Adobe Reader version 9.4.4
* http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows (for Windows)
* http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Macintosh (for Macintosh)
- Adobe Reader version 10.0.3 for Macintosh
* http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Macintosh
- Adobe Acrobat Professional/Standard versions 9.4.4 and 10.0.3
* http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows (for Windows)
* http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh (for Macintosh)
- Adobe Acrobat Professional Extended version 9.4.4 for Windows
* http://www.adobe.com/support/downloads/product.jsp?product=158&platform=Windows
Users of affected systems should follow the recommendations provided by the product vendor and take immediate action to mitigate the risk.
DITSOs (or your delegates) are also requested to inform the relevant system administrators and end users as appropriate about this issue.
More Information:
More information about this update is available at:
* http://www.adobe.com/support/security/bulletins/apsb11-07.html
* http://www.adobe.com/support/security/bulletins/apsb11-08.html
* http://www.adobe.com/support/security/advisories/apsa11-02.html
* http://www.us-cert.gov/current/index.html#adobe_releases_security_updates_for8
* http://www.kb.cert.org/vuls/id/230057
* http://secunia.com/advisories/44149/
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0610
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0611