19
Aug 10

Adobe Issues Acrobat, Reader Security Patches


Adobe Systems Inc. today issued software updates to fix at least two security vulnerabilities in its widely used Acrobat and PDF Reader products. Updates are available for Windows, Mac and UNIX versions of these programs.

Acrobat and Reader users can update to the latest version, v. 9.3.4, using the built-in updater, by clicking “Help” and then “Check for Updates.”

Today’s update is an out-of-cycle release for Adobe, which recently moved to a quarterly patch release schedule. The company said the update addresses a vulnerability that was demonstrated at the Black Hat security conference in Las Vegas last month. The release notes also reference a flaw detailed by researcher Didier Stevens back in March. Adobe said it is not aware of any active attacks that are exploiting either of these bugs.

More information on these patches, such as updating older versions of Acrobat and Reader, is available in the Adobe security advisory.


12 comments

  1. Didier Stevens’ attack code doesn’t work as a limited user. It won’t even launch the cmd.exe file, it just produces a permissions error. All the more reason to not run as admin.

  2. Also Brian, I recommend not going through Help > Update but through Edit > Preferences > Updater and selecting “Automatically Install Updates.” That way it just does it when an update is available.

    • Why the downvotes? It irks me that this isn’t the default on Acrobat. Not to mention JavaScript being enabled by default. If Adobe made these changes we’d see a lot fewer Acrobat-based attacks.

      • I don’t know why? Perhaps it is because it doesn’t work in the LAN environment? Most update features on most applications can’t make it through the perimeter firewall. [or maybe IIS for some]

        I don’t use Adobe anymore, as I switched to Foxit, so I can’t really speak from experience. If I did – I might be able to vote up or down on this for you! ; )

  3. Thank you, Brian, your reminders are always helpful. Took less than a minute to update Reader.

    (Pet peeve: Why does every Adobe update put a shortcut on the desktop?)

  4. From the Adobe advisory in the post;

    Solution
    Adobe recommends users update their software installations by following the instructions below:

    later in the same post.


    Note: Adobe Reader 9.3.4 for Windows, Macintosh and UNIX will be available from the Adobe Reader Download Center at http://get.adobe.com/reader/ by August 31, 2010.

    Why even talk about the issue when you are going to give the bad guys time to use the exploit?

  5. Hi Brian, Thanks for this info. Just a question & anyone here can post too ^,^

    I’m still using Adobe Acrobat 7.0 Standard, with the most recent installed updates indicated as Version 7.1.4. I’ve visited the site to download an update, but since the latest is still 7.1.4, does it mean I’m not affected?

    https://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows

    TIA

    regards, Jaybie
