Adobe out-of-cycle Updates

Published: 2010-08-18
Last Updated: 2010-08-18 13:59:47 UTC
by Guy Bruneau (Version: 3)
5 comment(s)

 

UPDATE

Looks like some patches have already been released. More details can be found here http://www.adobe.com/support/security/bulletins/apsb10-16.html Please note these are for the Flash Player only, still waiting on the Reader updates. 
Happy Patching - MH

 

Adobe is planning to release critical updates on August 19, 2010 for Adobe Reader 9.3.3 for Windows, Macintosh and Unix as well as the Adobe Acrobat 9.3.3 for Windows and Macintosh and an update for Adobe Reader 8.2.3 and Acrobat 8.2.3 for Windows and Macintosh covered in security bulletin APSB10-17. This is the same issue discussed at Black Hat USA 2010 identified in Adobe Flash Player published in security bulletin APSB10-16. UPDATE

Affected Software

Adobe Reader 9.3.3 and earlier versions for Windows, Macintosh, and UNIX
Adobe Acrobat 9.3.3 and earlier versions for Windows and Macintosh
Adobe Flash Player 10.1.53.64 and earlier versions for Windows, Macintosh, Linux, and Solaris

 

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org

 

5 comment(s)

Comments

Those updates were released a little over a week ago.
ComputerX - The updates on APSB10-17 have not been released yet...
http://www.adobe.com/support/security/bulletins/apsb10-17.html

"Adobe expects to make these updates available on Thursday August 19, 2010."
@Ken Good point. I was looking at the first paragraph, which is about APSB10-16. I was surprised when the patches I downloaded were the version I pushed a week ago.

I don't pay much attention to Reader versions. I have (reluctantly) gone to Foxit as a pdf viewer because of the difficulty I have had dealing with Adobe's MSPs. I don't know why. I don't have any trouble repackaging other software, but Adobe's packages often act weird for me.
Note that the download page has recently become more insistent on you installing their worthless downloader plugin. The direct link to the download is no longer on the same page.

Instead you can find it here:
http://kb2.adobe.com/cps/191/tn_19166.html#main_ManualInstaller


@Ken - I am trying to move to Foxit as well, as it has a lot smaller footprint and should not be as easy (read: popular) to target as Adobe Reader.

But for many users there is a need to stay with Adobe for application integration. So if you want to look at the Adobe MSPs again they have a good article here which explains how security updates will break (!) the administrative installation points.

http://kb2.adobe.com/cps/498/cpsid_49880.html

Due to the intentional difference between "Security" and "Quarterly" Updates, IT professionals who want to deploy Acrobat or Reader products from an Administration Installation Point (AIP) must follow the guidelines noted below.

AIP Creation: Quarterly Updates cannot be applied to an AIP in which a Security Update was the most recently applied Update. Therefore, to deploy a new full Quarterly Update from an AIP, create an AIP (or use previous) which includes only Quarterly Updates.

Diary Archives