Adobe Secure Software Engineering Team (ASSET) Blog

This evening, we updated APSA10-01 for CVE-2010-1297 to include the target ship schedules for the security updates for Adobe Flash Player, Adobe Reader and Acrobat. The security update for Flash Player will be available by June 10, 2010. The security update for Adobe Reader and Acrobat will be available by June 29, 2010.
The June 29, 2010 security update for Adobe Reader and Acrobat represents an accelerated release of the next quarterly security update originally scheduled for July 13, 2010. In addition to addressing CVE-2010-1297, the accelerated next quarterly Adobe Reader and Acrobat update will also resolve a number of responsibly disclosed vulnerabilities. The full details will be in the Security Bulletin and Release Notes we will publish when the security update is posted.
Among other options, we also considered the alternative of releasing a one-off 0-day fix followed a couple of weeks later by the July 13 quarterly update. However, two patches within three weeks would have incurred too much churn and patch management overhead on our users, in particular for customers with large managed environments.
In April, I wrote about some changes we were making to provide the latest version of Adobe Reader for the most popular language/platform pairs offered on the Adobe Download Center. Given the accelerated release of the next quarterly update, we are working to also pull in the schedule for posting the new installers. However, we do not yet have a confirmed date to announce. Until the new installers are published, users who are downloading Adobe Reader for the first time from the Adobe Download Center can continue to update their installation via the new Adobe Reader Updater by selecting > Help > Check for Updates from the Adobe Reader toolbar.
Watch for additional information as these security updates become available. We will continue to provide updates via the Security Advisory section of the Adobe website as well as the Adobe PSIRT blog.