Adobe Reader Blog
Stay up-to-date on Adobe Reader…

January 12, 2010

Adobe Reader and Acrobat Version 9.3 and 8.2

Today, we announced the availability of Adobe Reader and Acrobat 9.3 and 8.2. For more information regarding the security details in these releases, please see Security Bulletin APSB10-02.

As mentioned in a previous blog post titled Adobe Reader and Acrobat Updates Include New Security Improvements, we have been shipping a new “beta” updater technology in a passive state since our October 13, 2009 quarterly update. The purpose of the new updater, once activated, is to keep end-users up-to-date in a much more streamlined and automated way. Today, we are testing the new updater with a subset of our end-users, who previously signed up for the beta program. This is the first time we’ve exercised the new updater with “official” updates, which allows us to test a variety of network configurations encountered on the Internet in order to ensure a robust update experience. Over the next few weeks, we will be analyzing the test results and will continue communicating important details with you, including when we expect it to be active for all users, which could be as soon as our next update.

We also talked about the introduction of the Adobe Reader and Acrobat JavaScript Blacklist Framework in that same blog post. The Framework provides customers granular control over the execution of specific JavaScript API calls. The purpose of the new JavaScript Blacklist Framework is to provide protection against attacks that target specific JavaScript API calls. As mentioned in Security Advisory- Adobe Reader and Acrobat, we were able to recommend this risk mitigation strategy during our recent zero-day exposure window. The JavaScript Blacklist Framework worked as planned and we had positive feedback from customers who were able to utilize the mitigation effectively.

As mentioned in Adobe Reader and Acrobat JavaScript Blacklist Framework Mitigation for Security Advisory – APSA09-07, if you deployed the mitigation to a “non-locked down” area, Adobe will automatically reset the Blacklist Framework with the 9.3 and 8.2 updates. But, if you deployed the registry key setting to a “locked down” area, then you will need to reset that value yourself.

Finally, as described in an earlier post, Adobe Reader and Acrobat Version 7 End of Support, support for Adobe Reader and Acrobat 7.x (as well as Adobe Reader UNIX 8.x) has ended, and Adobe strongly recommends updating to newer versions.

Steve Gottwals, Group Product Manager, Adobe Reader

Bookmark and Share