Adobe Security Bulletin

Security update available for Adobe Digital Editions

Release date: January 22, 2014

Vulnerability identifier: APSB14-03

Priority: See table below

CVE number: CVE-2014-0494

Platform: Windows and Macintosh

Summary

Adobe has released a security update for Adobe Digital Editions for Windows and Macintosh. This update addresses a vulnerability in the software that could cause the application to crash and potentially allow an attacker to take control of the affected system.

Adobe recommends users update their product installation using the instructions provided in the solution section below.

Affected software versions

Adobe Digital Editions version 2.0.1 for Windows and Macintosh.

Solution

Adobe recommends users update their product by downloading the installer from http://www.adobe.com/products/digital-editions/download.html and following the instructions provided in the installation dialogue.

Priority and severity ratings

Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version:

Product Updated version Platform Priority rating
Adobe Digital Editions 3.0 Windows & Macintosh
3

These updates address critical vulnerabilities in the software.

Details

Adobe has released a security update for Adobe Digital Editions for Windows and Macintosh. This update addresses a vulnerability in the software that could cause the application to crash and potentially allow an attacker to take control of the affected system.

Adobe recommends users update their product installation using the instructions provided in the solution section above.

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2014-0494).

Acknowledgments

Adobe would like to thank Mario Gomes working with Beyond Security's SecuriTeam Secure Disclosure Project for reporting this issue and for working with Adobe to help protect our customers.