DP's Security Bits

Summary

Critical vulnerabilities have been identified in Adobe Reader 9.3.3 (and earlier versions) for Windows, Macintosh and UNIX, Adobe Acrobat 9.3.3 (and earlier versions) for Windows and Macintosh, and Adobe Reader 8.2.3 (and earlier versions) and Adobe Acrobat 8.2.3 (and earlier versions) for Windows and Macintosh. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.

These updates address CVE-2010-2862, which was discussed at the Black Hat USA 2010 security conference on Wednesday, July 28, 2010. They also incorporate the Adobe Flash Player update as noted in Security Bulletin APSB10-16.

Adobe recommends users of Adobe Reader 9.3.3 and earlier versions for Windows, Macintosh and UNIX update to Adobe Reader 9.3.4. (For Adobe Reader users on Windows and Macintosh, who cannot update to Adobe Reader 9.3.4, Adobe has provided the Adobe Reader 8.2.4 update.) Adobe recommends users of Adobe Acrobat 9.3.3 and earlier versions for Windows and Macintosh update to Adobe Acrobat 9.3.4. Adobe recommends users of Adobe Acrobat 8.2.3 and earlier versions for Windows and Macintosh update to Adobe Acrobat 8.2.4.

Note that today's updates mentioned in this bulletin represent an out-of-cycle release. The next quarterly security updates for Adobe Reader and Acrobat is scheduled for October 12, 2010.

Affected software versions

• Adobe Reader 9.3.3 and earlier versions for Windows, Macintosh and UNIX
• Adobe Acrobat 9.3.3 and earlier versions for Windows and Macintosh

Solution

Adobe recommends users update their software installations by following the instructions below:

Adobe Reader
Users can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule and can be manually activated by choosing Help > Check for Updates.

http://www.adobe.com/support/security/bulletins/apsb10-17.html