Recently in Security Bulletins and Advisories Category

Today we posted a Security Bulletin to address a moderate security issue in Adobe Photoshop Elements.

This posting is provided "AS IS" with no warranties and confers no rights.

A Security Bulletin was posted today addressing critical security issues in Adobe Shockwave Player.

This posting is provided "AS IS" with no warranties and confers no rights.

Today a Security Bulletin has been posted in regards to the second quarterly security update for Adobe Reader and Acrobat. The update addresses critical security issues in the products; Adobe recommends that users apply the update for their product installations. Please note that with support for Adobe Reader 7.X and Acrobat 7.X ending in December 2009, this is the last scheduled update planned for Adobe Reader 7.X and Acrobat 7.X.

The Adobe Reader and Acrobat 9.2 and 8.1.7 updates will include a new update and deployment tool, initially shipping in a passive, beta state, which will be functional for Acrobat and Adobe Reader customers in the near future, as well as two new changes in security user interface and control. More information on this is available here.

This posting is provided "AS IS" with no warranties and confers no rights.

Adobe is aware of reports of a critical vulnerability in Adobe Reader and Acrobat 9.1.3 and earlier (CVE-2009-3459) on Windows, Macintosh and UNIX. There are reports that this issue is being exploited in the wild in limited targeted attacks; the exploit targets Adobe Reader and Acrobat 9.1.3 on Windows.

Adobe plans to resolve this issue as part of the upcoming Adobe Reader and Acrobat quarterly security update, scheduled for release on October 13. Adobe Reader and Acrobat 9.1.3 customers with DEP enabled on Windows Vista will be protected from this exploit. Disabling JavaScript also mitigates against this specific exploit, although a variant that does not rely on JavaScript could be possible. In the meantime, Adobe is also in contact with Antivirus and Security vendors regarding the issue and recommends users keep their anti-virus definitions up to date.

We wish to thank Chia-Ching Fang and the Information and Communication Security Technology Center for their help with reporting and investigating this issue (CVE-2009-3459).

We will continue to provide updates on this issue via the Security Advisory section of the Adobe web site, as well as the Adobe PSIRT blog.

This posting is provided "AS IS" with no warranties and confers no rights.

A Security Bulletin has been posted in regards to the RoboHelp Server 8 issue last mentioned in the Adobe PSIRT blog on September 9 ("Update on RoboHelp Server 8 Issue", CVE-2009-3068). Adobe categorizes this as a critical issue and recommends affected users patch their installations.

This posting is provided "AS IS" with no warranties and confers no rights.