On Wednesday, don’t be concerned/scared/shocked if you see your sales people looking somewhat calmer, your legal counsel winces a little less when you crack a lawyer joke, your chief risk officer smiles at you, and your controller pulls you over and eagerly points to the latest revenue figures.
Why? June 30th is the tenth anniversary of the US federal law that made their lives easier by putting electronic signatures on equal footing with wet ink! That’s right: 10 years ago tomorrow, President Bill Clinton digitally signed into law the ESIGN Act (eSignAct.pdf).
How is this important? The electronic signatures legalized with the ESIGN Act produce dramatic, real-world benefits for Adobe’s customers.
This evening, we updated APSA10-01 for CVE-2010-1297 to include the target ship schedules for the security updates for Adobe Flash Player, Adobe Reader and Acrobat. The security update for Flash Player will be available by June 10, 2010. The security update for Adobe Reader and Acrobat will be available by June 29, 2010.
The June 29, 2010 security update for Adobe Reader and Acrobat represents an accelerated release of the next quarterly security update originally scheduled for July 13, 2010. In addition to addressing CVE-2010-1297, the accelerated next quarterly Adobe Reader and Acrobat update will also resolve a number of responsibly disclosed vulnerabilities. The full details will be in the Security Bulletin and Release Notes we will publish when the security update is posted.
Among other options, we also considered the alternative of releasing a one-off 0-day fix followed a couple of weeks later by the July 13 quarterly update. However, two patches within three weeks would have incurred too much churn and patch management overhead on our users, in particular for customers with large managed environments.
In April, I wrote about some changes we were making to provide the latest version of Adobe Reader for the most popular language/platform pairs offered on the Adobe Download Center. Given the accelerated release of the next quarterly update, we are working to also pull in the schedule for posting the new installers. However, we do not yet have a confirmed date to announce. Until the new installers are published, users who are downloading Adobe Reader for the first time from the Adobe Download Center can continue to update their installation via the new Adobe Reader Updater by selecting > Help > Check for Updates from the Adobe Reader toolbar.
Watch for additional information as these security updates become available. We will continue to provide updates via the Security Advisory section of the Adobe website as well as the Adobe PSIRT blog.