Accessibility

Security bulletin

Security update for Adobe Digital Editions

Release date: July 30, 2013

Vulnerability identifier: APSB13-20

Priority: See table below

CVE number: CVE-2013-1377

Platform: Windows and Macintosh

Summary

Adobe has released a security update for Adobe Digital Editions for Windows and Macintosh.  This update addresses a vulnerability in the software that could cause the application to crash and potentially allow an attacker to take control of the affected system.

Adobe recommends users update their product installation using the instructions provided in the solution section below. 

Affected software versions

Adobe Digital Editions version 2.0.0 for Windows and Macintosh.

Solution

Adobe recommends users update their product by downloading the installer from http://www.adobe.com/products/digital-editions/download.html and following the instructions provided in the installation dialogue. 

Priority and severity ratings

Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version:

Product Updated version Platform Priority rating
Adobe Digital Editions 2.0.1 Windows and Macintosh 3
       

This update addresses a critical vulnerability in the software.

Details

Adobe has released a security update for Adobe Digital Editions for Windows and Macintosh.  This update addresses a vulnerability in the software that could cause the application to crash and potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installation using the instructions provided in the solution section above. 

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2013-1377).


Acknowledgments

Adobe would like to thank Kaveh Ghaemmaghami (coolkaveh) via Secunia SVCRP for reporting this issue and for working with Adobe to help protect our customers.