This evening, we updated APSA10-01 for CVE-2010-1297 to include the target ship schedules for the security updates for Adobe Flash Player, Adobe Reader and Acrobat. The security update for Flash Player will be available by June 10, 2010. The security update for Adobe Reader and Acrobat will be available by June 29, 2010.
The June 29, 2010 security update for Adobe Reader and Acrobat represents an accelerated release of the next quarterly security update originally scheduled for July 13, 2010. In addition to addressing CVE-2010-1297, the accelerated next quarterly Adobe Reader and Acrobat update will also resolve a number of responsibly disclosed vulnerabilities. The full details will be in the Security Bulletin and Release Notes we will publish when the security update is posted.
Among other options, we also considered the alternative of releasing a one-off 0-day fix followed a couple of weeks later by the July 13 quarterly update. However, two patches within three weeks would have imposed too much churn and patch management overhead on our users, in particular on customers with large managed environments.
In April, I wrote about some changes we were making to provide the latest version of Adobe Reader for the most popular language/platform pairs offered on the Adobe Download Center. Given the accelerated release of the next quarterly update, we are working to also pull in the schedule for posting the new installers. However, we do not yet have a confirmed date to announce. Until the new installers are published, users who are downloading Adobe Reader for the first time from the Adobe Download Center can continue to update their installation via the new Adobe Reader Updater by selecting Help > Check for Updates from the Adobe Reader toolbar.
Watch for additional information as these security updates become available. We will continue to provide updates via the Security Advisory section of the Adobe website as well as the Adobe PSIRT blog.