August 19, 2010

Adobe Systems Inc. today issued software updates to fix at least two security vulnerabilities in its widely-used Acrobat and PDF Reader products. Updates are available for Windows, Mac and UNIX versions of these programs.

Acrobat and Reader users can update to the latest version, v. 9.3.4, using the built-in updater, by clicking “Help” and then “Check for Updates.”

Today’s update is an out-of-cycle release for Adobe, which recently moved to a quarterly patch release schedule. The company said the update addresses a vulnerability that was demonstrated at the Black Hat security conference in Las Vegas last month. The release notes also reference a flaw detailed by researcher Didier Stevens back in March. Adobe said it is not aware of any active attacks that are exploiting either of these bugs.

More information on these patches, such as updating older versions of Acrobat and Reader, is available in the Adobe security advisory.

12 thoughts on “Adobe Issues Acrobat, Reader Security Patches

  1. drzaiusapelord

    Didier Stevens’ attack code doesn’t work as a limited user. It won’t even launch the cmd.exe file, it just produces a permissions error. All the more reason to not run as admin.

  2. drzaiusapelord

    Also Brian, I recommend not going through Help > Update but through Edit > Preferences > Updater and selecting “Automatically Install Updates.” That way it just does it when an update is available.

    1. drzaiusapelord

      Why the downvotes? It irks me that this isn’t the default on Acrobat. Not to mention javascript being enable by default. If Adobe made these changes we’d see a lot less acrobat-based attacks.

      1. JCitizen

        I don’t know why? Perhaps it is because it doesn’t work in the LAN environment? Most update features on most applications can’t make it trough the perimeter firewall.[or maybe IIS for some]

        I don’t use Adobe anymore, as I switched to Foxit, so I can’t really speak from experience. If I did – I might be able to vote up or down on this for you! ; )

  3. JBV

    Thank you, Brian, your reminders are always helpful. Took less than a minute to update Reader.

    (Pet peeve: Why does every Adobe update put a shortcut on the desktop?)

  4. n002213f

    From the Adobe advisory in the post;

    Adobe recommends users update their software installations by following the instructions below:

    later in the same post.

    Note: Adobe Reader 9.3.4 for Windows, Macintosh and UNIX will be available from the Adobe Reader Download Center at by August 31, 2010.

    Why even talk about the issue when you are going to give the bad guys time to use the exploit.

      1. Jaybie

        Hello Brian,

        Thanks for the suggestion, BTW we’re on tight budget for additional software & license. Maybe we stick on it for a while.

        Nice link, seems it’s End of Support Time on my version.

        Thanks a lot.

    1. timeless

      You should be able to install the newer version of reader w/o adversely impacting Acrobat, just be sure to use Reader for all pdf’s you get….

      Reader is free…

      1. Jaybie

        Hi Timeless,

        Thank you for your suggestion, much appreciated.

        Regards, Jaybie

Comments are closed.