벌새::Security

Update: Adobe Reader & Adobe Acrobat 10.0.1 / 9.4.2 / 8.2.6

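Adobe has released Adobe Reader & Adobe Acrobat 10.0.1 / 9.4.2 / 8.2.6, which resolve security issues found in its PDF products Adobe Reader and Adobe Acrobat.

This update resolves a total of 29 security issues. By exploiting these vulnerabilities, an attacker can trigger a range of malicious behaviour on a vulnerable system, including privilege takeover (escalation) and remote code execution.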

[Affected software]

Adobe Reader X 10.0.0.1 (Windows, Macintosh)
Adobe Reader 9.4.1 and earlier versions (Windows, Macintosh, UNIX)
Adobe Acrobat X 10.0.0.1 and earlier versions (Windows, Macintosh)

Note for users of Adobe Reader 9.4.1 on UNIX: Adobe Reader 9.4.2 is scheduled to be made available around February 28, 2011.

Users of Adobe Reader X & Adobe Acrobat X should update to Adobe Reader X & Adobe Acrobat X 10.0.1. Users of earlier version lines should update to Adobe Reader & Adobe Acrobat 9.4.2 or Adobe Reader & Adobe Acrobat 8.2.6.

In particular, Adobe Reader X & Adobe Acrobat X include a sandbox feature intended to strengthen security, so if security matters to you, update to that version. (Be sure to uninstall the previous version of the product before installing.)

The details of the security vulnerabilities resolved in this release are as follows.

  1. CVE-2010-4091 : These updates resolve an input validation vulnerability that could lead to code execution.
  2. CVE-2011-0562 : These updates resolve a library-loading vulnerability that could lead to code execution.
  3. CVE-2011-0563 : These updates resolve a memory corruption vulnerability that could lead to code execution.
  4. CVE-2011-0564 : These updates resolve a Windows-only file permissions issue that could lead to privilege escalation.
  5. CVE-2011-0565 : These updates resolve a denial of service vulnerability; arbitrary code execution has not been demonstrated, but may be possible.
  6. CVE-2011-0566 : These updates resolve an image-parsing memory corruption vulnerability that could lead to code execution.
  7. CVE-2011-0567 : These updates resolve an image-parsing memory corruption vulnerability that could lead to code execution.
  8. CVE-2011-0568 : These updates resolve a denial of service vulnerability; arbitrary code execution has not been demonstrated, but may be possible (Macintosh only).
  9. CVE-2011-0570 : These updates resolve a library-loading vulnerability that could lead to code execution.
  10. CVE-2011-0585 : These updates resolve a denial of service vulnerability; arbitrary code execution has not been demonstrated, but may be possible.
  11. CVE-2011-0586 : These updates resolve an input validation vulnerability that could lead to code execution.
  12. CVE-2011-0587 : These updates resolve an input validation vulnerability that could lead to a cross-site scripting vulnerability.
  13. CVE-2011-0588 : These updates resolve a library-loading vulnerability that could lead to code execution.
  14. CVE-2011-0589 : These updates resolve a memory corruption vulnerability that could lead to code execution.
  15. CVE-2011-0590 : These updates resolve a 3D file parsing input validation vulnerability that could lead to code execution.
  16. CVE-2011-0591 : These updates resolve a 3D file parsing input validation vulnerability that could lead to code execution.
  17. CVE-2011-0592 : These updates resolve a 3D file parsing input validation vulnerability that could lead to code execution.
  18. CVE-2011-0593 : These updates resolve a 3D file parsing input validation vulnerability that could lead to code execution.
  19. CVE-2011-0594 : These updates resolve a font parsing input validation vulnerability that could lead to code execution.
  20. CVE-2011-0595 : These updates resolve a 3D file parsing input validation vulnerability that could lead to code execution.
  21. CVE-2011-0596 : These updates resolve an image parsing input validation vulnerability that could lead to code execution.
  22. CVE-2011-0598 : These updates resolve an image parsing input validation vulnerability that could lead to code execution.
  23. CVE-2011-0599 : These updates resolve an image parsing input validation vulnerability that could lead to code execution.
  24. CVE-2011-0600 : These updates resolve a 3D file parsing input validation vulnerability that could lead to code execution.
  25. CVE-2011-0602 : These updates resolve an image parsing input validation vulnerability that could lead to code execution.
  26. CVE-2011-0603 : These updates resolve an image-parsing memory corruption vulnerability that could lead to code execution.
  27. CVE-2011-0604 : These updates resolve an input validation vulnerability that could lead to cross-site scripting.
  28. CVE-2011-0605 : These updates resolve a memory corruption vulnerability that could lead to code execution (Macintosh only).
  29. CVE-2011-0606 : These updates resolve a memory corruption vulnerability that could lead to code execution.

These attacks generally work by luring the user into opening a maliciously crafted PDF document, so take care not to carelessly open PDF documents attached to untrusted e-mail and similar sources.

Updates are delivered automatically through the update-check feature built into each product, so please use that feature.