Archive for October, 2009

Second quarterly security update released for Adobe Reader and Acrobat

Today a Security Bulletin has been posted in regards to the second quarterly security update for Adobe Reader and Acrobat. The update addresses critical security issues in the products; Adobe recommends that users apply the update for their product installations. Please note that with support for Adobe Reader 7.X and Acrobat 7.X ending in December 2009, this is the last scheduled update planned for Adobe Reader 7.X and Acrobat 7.X.
The Adobe Reader and Acrobat 9.2 and 8.1.7 updates will include a new update and deployment tool, initially shipping in a passive, beta state, which will be functional for Acrobat and Adobe Reader customers in the near future, as well as two new changes in security user interface and control. More information on this is available here.
This posting is provided “AS IS” with no warranties and confers no rights.

Pre-Notification – Quarterly Security Update for Adobe Reader and Acrobat

A Security Advisory has been posted in regards to the upcoming Adobe Reader and Acrobat updates scheduled for October 13, 2009. The updates address critical security issues in the products, including a critical vulnerability in Adobe Reader and Acrobat 9.1.3 and earlier (CVE-2009-3459), as described in a separate PSIRT blog post today. The updates will be made available for Windows, Macintosh and UNIX, and represent the second quarterly security update for Adobe Reader and Acrobat.
We will continue to provide updates on the upcoming release via the Security Advisory section of the Adobe web site, as well as the Adobe PSIRT blog.

This posting is provided “AS IS” with no warranties and confers no rights.

Adobe Reader and Acrobat issue

Adobe is aware of reports of a critical vulnerability in Adobe Reader and Acrobat 9.1.3 and earlier (CVE-2009-3459) on Windows, Macintosh and UNIX. There are reports that this issue is being exploited in the wild in limited targeted attacks; the exploit targets Adobe Reader and Acrobat 9.1.3 on Windows.
Adobe plans to resolve this issue as part of the upcoming Adobe Reader and Acrobat quarterly security update, scheduled for release on October 13. Adobe Reader and Acrobat 9.1.3 customers with DEP enabled on Windows Vista will be protected from this exploit. Disabling JavaScript also mitigates against this specific exploit, although a variant that does not rely on JavaScript could be possible. In the meantime, Adobe is also in contact with Antivirus and Security vendors regarding the issue and recommends users keep their anti-virus definitions up to date.
We wish to thank Chia-Ching Fang and the Information and Communication Security Technology Center for their help with reporting and investigating this issue (CVE-2009-3459).
We will continue to provide updates on this issue via the Security Advisory section of the Adobe web site, as well as the Adobe PSIRT blog.
This posting is provided “AS IS” with no warranties and confers no rights.