Thursday, April 21, 2011

Adobe Releases Critical Update for Reader/Acrobat Products


While Adobe Flash Player was updated last week for the critical vulnerabilities in Security Advisory APSA11-02, it was not until today that the update for Adobe Reader and Acrobat was released.

This vulnerability is being exploited in the wild against Adobe Flash Player, Adobe Reader and Acrobat in targeted attacks via a malicious Web page, or a Flash file embedded in a Microsoft Word or Microsoft Excel  file delivered as an email attachment, targeting the Windows platform. 

Adobe Reader X Protected Mode mitigations would prevent an exploit of this kind from executing and, thus, is not being updated at this time.

Details:

Vulnerability identifier: APSB11-08
CVE number: CVE-2011-0611, CVE-2011-0610
Platform: All Platforms
Acrobat and Reader users can update to the latest version using the built-in updater, by clicking “Help” and then “Check for Updates.” The Adobe Reader update for Windows is available from http://www.adobe.com/products/reader/

Alternatively, you could switch to an alternate PDF reader.  There are a number of open source readers available from http://pdfreaders.org/.  I have been using Sumatra PDF for around two years.  Nitro Reader is also a viable substitute.



References:





Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


2 comments:

Cel said...

Corrine. When did Adobe Reader Version X come out? Is this version 10? or something different? Thanks

Corrine said...

Hi, Cel.

Adobe Reader X is version 10, released in February, 2011 current release 10.0.1).

The major enhancement of Adobe Reader X is that PDF files are opened in a "sandbox".