Archive for May, 2009

Security Bulletin – Adobe Reader and Acrobat

Today, we have posted a Security Bulletin and provided Adobe Reader and Acrobat patches to our Product Update area. This update resolves the vulnerabilities from Security Advisory APSA09-02. Adobe is not currently aware of any exploits in the wild for these issues.
This posting is provided “AS IS” with no warranties and confers no rights.

Adobe Reader Issue Update

A Security Advisory has been posted in regards to the Adobe Reader vulnerability last mentioned in the Adobe PSIRT blog on April 28 (“Update to Adobe Reader Issue“, CVE-2009-1492). We are in the process of fixing the issue, and expect to make available product updates for the relevant supported Adobe Reader and Acrobat versions and platforms by May 12th, 2009. Adobe plans to make available Windows updates for Adobe Reader versions 9.X, 8.X, and 7.X and Acrobat versions 9.X, 8.X, and 7.X, Macintosh updates for Adobe Reader versions 9.X and 8.X and Acrobat versions 9.X and 8.X, as well as Adobe Reader for Unix versions 9.X and 8.X.
Additionally, we have confirmed the second vulnerability (CVE-2009-1493) for Adobe Reader for Unix (first mentioned in our April 28 post). This issue will be resolved in the upcoming Adobe Reader for Unix updates. Currently, we have not been able to reproduce an exploitable scenario for Windows and Macintosh, but we will continue to investigate.
In the meantime, to mitigate both issues disable JavaScript in Adobe Reader and Acrobat using the following instructions below:
1. Launch Acrobat or Adobe Reader.
2. Select Edit>Preferences
3. Select the JavaScript Category
4. Uncheck the ‘Enable Acrobat JavaScript’ option
5. Click OK
Adobe is in contact with Antivirus and Security vendors regarding both of these issues in order to ensure the security of our mutual customers.
We will continue to provide updates on these issues via the Security Advisory section of the Adobe web site, as well as the Adobe PSIRT blog.
This posting is provided “AS IS” with no warranties and confers no rights.