Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Adobe out-of-cycle Updates - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Adobe out-of-cycle Updates

Adobe is planning to release critical updates on August 19, 2010 for Adobe Reader 9.3.3 for Windows, Macintosh and Unix as well as the Adobe Acrobat 9.3.3 for Windows and Macintosh and an update for Adobe Reader 8.2.3 and Acrobat 8.2.3 for Windows and Macintosh covered in security bulletin APSB10-17. An update for Adobe Flash Player published in security bulletin APSB10-16 will be released as well.

Affected Software

Adobe Reader 9.3.3 and earlier versions for Windows, Macintosh, and UNIX
Adobe Acrobat 9.3.3 and earlier versions for Windows and Macintosh
Adobe Flash Player 10.1.53.64 and earlier versions for Windows, Macintosh, Linux, and Solaris

 

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org

Guy

411 Posts
ISC Handler
Those updates were released a little over a week ago.
ComputerX

6 Posts Posts
ComputerX - The updates on APSB10-17 have not been released yet...
http://www.adobe.com/support/security/bulletins/apsb10-17.html

"Adobe expects to make these updates available on Thursday August 19, 2010."
Ken B

4 Posts Posts
@Ken Good point. I was looking at the first paragraph, which is about APSB10-16. I was surprised when the patches I downloaded were the version I pushed a week ago.

I don't pay much attention to Reader versions. I have (reluctantly) gone to Foxit as a pdf viewer because of the difficulty I have had dealing with Adobe's MSPs. I don't know why. I don't have any trouble repackaging other software, but Adobe's packages often act weird for me.
ComputerX

6 Posts Posts
Note that the download page has recently become more insistent on you installing their worthless downloader plugin. The direct link to the download is no longer on the same page.

Instead you can find it here:
http://kb2.adobe.com/cps/191/tn_19166.html#main_ManualInstaller


Anonymous

Posts
@Ken - I am trying to move to Foxit as well, as it has a lot smaller footprint and should not be as easy (read: popular) to target as Adobe Reader.

But for many users there is a need to stay with Adobe for application integration. So if you want to look at the Adobe MSPs again they have a good article here which explains how security updates will break (!) the administrative installation points.

http://kb2.adobe.com/cps/498/cpsid_49880.html

Due to the intentional difference between "Security" and "Quarterly" Updates, IT professionals who want to deploy Acrobat or Reader products from an Administration Installation Point (AIP) must follow the guidelines noted below.

AIP Creation: Quarterly Updates cannot be applied to an AIP in which a Security Update was the most recently applied Update. Therefore, to deploy a new full Quarterly Update from an AIP, create an AIP (or use previous) which includes only Quarterly Updates.
dotBATman

60 Posts Posts

Sign Up for Free or Log In to start participating in the conversation!