Adobe April '10 Patch Tuesday Detailed: 15 Vulnerabilities Fixed
Article by George Norman
On 14 Apr 2010
Last week Adobe announced that on Tuesday, the 13th of April, it would release updates for Adobe Reader 9.3.1 as well as Adobe Reader 8.2.1 and Acrobat 8.2.1. The updates are meant to plug critical security holes in Adobe’s products.

As a little side note, Redmond-based software giant Microsoft on Tuesday, the 13th of April, also released updates that plug critical security holes in its products. To be more precise, Microsoft rolled out 11 security bulletins that address a total of 25 vulnerabilities in Microsoft Windows, Microsoft Office, and Microsoft Exchange. Just to put things in perspective, 5 bulletins are rated critical. Additional details on the 11 bulletins Microsoft rolled out are available here.

Advertising

Getting back to Adobe, the California-based company that specializes in creating multimedia and creativity software products, did just what it said it would – it released updates for Windows, Mac and UNIX users. The updates apply to:
- Adobe Acrobat 9.3.1 and earlier versions for Windows, Macintosh, and UNIX.
- Adobe Reader 8.2.1 and earlier versions.
- Adobe Acrobat 8.2.1 and earlier versions for Windows and Macintosh.

The updates, as Adobe explained, address critical vulnerabilities that could crash its products and potentially allow a person with malicious intent to take control of the targeted system. To be more precise, the updates address 15 security vulnerabilities. These 15:
  • CVE-2010-0190 – cross-site scripting vulnerability that could lead to code execution.
  • CVE-2010-0191 – prefix protocol handler vulnerability that could lead to code execution.
  • CVE-2010-0192 – denial of service vulnerability; arbitrary code execution has not been demonstrated, but may be possible.
  • CVE-2010-0193 – a denial of service vulnerability; arbitrary code execution has not been demonstrated, but may be possible.
  • CVE-2010-0194 – a memory corruption vulnerability that could lead to code execution.
  • CVE-2010-0195 – a font handling vulnerability that could lead to code execution.
  • CVE-2010-0196 – a denial of service vulnerability; arbitrary code execution has not been demonstrated, but may be possible.
  • CVE-2010-0197 – a memory corruption vulnerability that could lead to code execution.
  • CVE-2010-0198 – a buffer overflow vulnerability that could lead to code execution.
  • CVE-2010-0199 – a buffer overflow vulnerability that could lead to code execution.
  • CVE-2010-0201 – a memory corruption vulnerability that could lead to code execution.
  • CVE-2010-0202 – a buffer overflow vulnerability that could lead to code execution.
  • CVE-2010-0203 – a buffer overflow vulnerability that could lead to code execution.
  • CVE-2010-0204 – a memory corruption vulnerability that could lead to code execution.
  • CVE-2010-1241 – a heap-based overflow vulnerability that could lead to code execution.

“Adobe recommends users of Adobe Reader 9.3.1 and earlier versions for Windows, Macintosh and UNIX update to Adobe Reader 9.3.2. (For Adobe Reader users on Windows and Macintosh, who cannot update to Adobe Reader 9.3.2, Adobe has provided the Adobe Reader 8.2.2 update.) Adobe recommends users of Adobe Acrobat 9.3.1 and earlier versions for Windows and Macintosh update to Adobe Acrobat 9.3.2. Adobe recommends users of Acrobat 8.2.1 and earlier versions for Windows and Macintosh update to Acrobat 8.2.2,” said the company in this bulletin.

The April 2010 Patch Tuesday brings one other important change to Adobe’s products: the new updater, which was shipped back in October and which has been in passive state, will be turned on. Windows users will be able to select one of the follwing update options:
  • Automatically install updates – updates are downloaded in the background and installed without user intervention.
  • Automatically download updates but let me choose when to install them – updates are downloaded in the background, the user is then prompted to install them.
  • Do not download or install updates automatically – the software will not look for updates and will not install them; the user has to manually look for updates and install said updates.

According to numerous studies, silent updaters that require no user interaction are the best way to ensure the latest patches are applied and that the software does not expose the user to security risks.



Tags: Adobe, Adobe Reader, Adobe Acrobat, Update, Security
About the author: George Norman
George is a news editor.
You can follow him on Google+, Facebook or Twitter

I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 17 Aug 2017
With the blockbuster movie season upon us, Sony decided to celebrate the occasion with a sale: the Attack of the Blockbusters Sale that offers discounts of up to 50% (60% if you’re a PlayStation Plus member) on a ton of PS4 video games.
By George Norman on 17 Aug 2017
Samsung’s new T5 portable solid-state drive (PSSD) uses the latest 64-layer V-NAND technology, offers between 250GB and 2TB of storage capacity, has a lightweight and shock-resistant design that’s smaller than the average business card, and delivers industry-leading transfer speeds of up to 540 MB/s.
Related News
By George Norman on 31 May 2017
Having lots of devices connected to your network and the internet isn't a problem, as long as you keep the bad guys out of the picture. That’s crucial, because they'll exploit any vulnerability that they can find.
By George Norman on 17 Jul 2017
If you want top notch protection for your Windows computer, you can’t go wrong by getting something developed by the internationally renowned security company Kaspersky Lab. The problem is that…
By George Norman on 21 Jul 2017
Unto the Evil, Hell Followed and Bloodfall, the 3 multiplayer DLCs that used to cost money, are now free for anyone who owns the brutally fun first person shooter, Doom. And that’s not all that Update 6.66 has to offer.
By George Norman on 26 Jul 2017
Top-notch real-time protection against viruses doesn’t have to cost money, not if you go with the recently introduced Kaspersky Free antivirus solution. It may not come with a lot of bells and whistles, but it nicely covers all the basics and...
Sponsored Links
Hot Software Updates
Top Downloads
Become A Fan!
Link To Us!
Adobe April '10 Patch Tuesday Detailed: 15 Vulnerabilities Fixed
HTML Linking Code