Archive for September, 2010

Prenotification: Quarterly Security Updates for Adobe Reader and Acrobat

A prenotification Security Advisory has been posted in regards to the upcoming quarterly Adobe Reader and Acrobat updates scheduled for October 5, 2010. The updates will address critical security issues in the products, including CVE-2010-2883 referenced in Security Advisory APSA10-02 and CVE-2010-2884 referenced in the Adobe Flash Player Security Bulletin APSB10-22. These security updates will be made available for Windows, Macintosh and UNIX.

Note that the October 5, 2010 updates represent an accelerated release of the next quarterly security update originally scheduled for October 12, 2010. With this accelerated schedule, Adobe will not release additional updates for Adobe Reader and Acrobat on October 12, 2010.

We will continue to provide updates on the upcoming release via the Security Advisory section of the Adobe website as well as the Adobe PSIRT blog.

This posting is provided “AS IS” with no warranties and confers no rights.

Security update available for Adobe Flash Player

Today, a Security Bulletin has been posted to address a critical security issue (CVE-2010-2884) in Adobe Flash Player. This Security Bulletin affects Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player 10.1.92.10 for Android.  Adobe recommends users apply the update for their product installation. This addresses the issue first mentioned in Security Advisory APSA10-03.

This posting is provided “AS IS” with no warranties and confers no rights.

Schedule Update to Security Advisory for Adobe Flash Player (APSA 10-03)

We just updated the Security Advisory (APSA10-03) posted on Monday, Sept. 13, 2010 to include an updated schedule for a patch to resolve CVE-2010-2884. Adobe now plans to make available updates for Adobe Flash Player for Windows, Macintosh, UNIX, Solaris and Android on Monday, Sept. 20, 2010.

We will continue to provide updates on this issue via the Security Advisory section of the Adobe website as well as the Adobe PSIRT blog.

This posting is provided “AS IS” with no warranties and confers no rights.

Schedule Update to Security Advisory for Adobe Reader and Acrobat (APSA10-02)

We just updated the Security Advisory (APSA10-02) posted on Wednesday, September 8, 2010 to include the planned schedule for a patch to resolve CVE-2010-2883. Adobe plans to make available updates for Adobe Reader and Acrobat 9.3.4 for Windows, Macintosh and UNIX during the week of October 4, 2010. In the meantime, we have provided a mitigation option for Windows users; see the Security Advisory for details.

Please note that these Adobe Reader and Acrobat updates represent an accelerated release of the next quarterly security updates originally scheduled for October 12, 2010. With this accelerated schedule, we do not plan to release any new updates for Adobe Reader and Acrobat on October 12, 2010.

We will continue to provide updates on this issue via the Security Advisory section of the Adobe website as well as the Adobe PSIRT blog.

This posting is provided “AS IS” with no warranties and confers no rights.

Security Advisory for Adobe Flash Player (APSA10-03)

A Security Advisory (APSA10-03) has been posted in regards to a new Adobe Flash Player issue (CVE-2010-2884). A critical vulnerability exists in Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris and Android. This vulnerability also affects Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Flash Player on Windows.

We will continue to provide updates on this issue via the Security Advisory section of the Adobe website as well as the Adobe PSIRT blog.

This posting is provided “AS IS” with no warranties and confers no rights.

Alert: Adobe Reader Upgrade Email Spam/Phishing Scam

It has come to Adobe’s attention that email messages purporting to offer a download of a new version of Adobe Reader have been sent by entities claiming to be Adobe. Many of these emails are signed as “Adobe Acrobat Reader Support” (or similar), and in some instances require recipients to register and/or provide personal information. Please be aware that these emails have not been sent by Adobe or on Adobe’s behalf.

The Adobe Reader is free software available for download directly from the Adobe Reader download page on the Adobe website at http://get.adobe.com/reader/; it is not available in any other manner via download, including via email.

Customers receiving one of these emails should delete the email immediately without clicking on any of the links.

Update to Security Advisory for Adobe Reader and Acrobat (APSA10-02)

We just updated the Security Advisory (APSA10-02) posted on Wednesday, September 8, 2010 with a mitigation option for Windows users.

We will continue to provide updates on this issue via the Security Advisory section of the Adobe website as well as the Adobe PSIRT blog.

This posting is provided “AS IS” with no warranties and confers no rights.

Security Advisory for Adobe Reader and Acrobat

A Security Advisory has been posted in regards to a new Adobe Reader and Acrobat issue (CVE-2010-2883). A critical vulnerability exists in Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild.

We will continue to provide updates on this issue via the Security Advisory section of the Adobe website as well as the Adobe PSIRT blog.

This posting is provided “AS IS” with no warranties and confers no rights.