Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog - Adobe Update is finally out, well, some of them InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Adobe Update is finally out, well, some of them

Published: 2009-03-11
Last Updated: 2009-03-11 21:45:25 UTC
by Joel Esler (Version: 2)
5 comment(s)

Thank you all that wrote in letting us know that the Adobe Update for Reader and Acrobat 9 is finally out.  Swa pointed this out in his diary right here.  However, I wanted to expand upon the update a little bit, because I still find it to be "wanting".

Adobe has named this release "9.1" for both Adobe Reader and Adobe 9 (Standard, Pro, and Pro Extended).  The patch is out for Windows and Macintosh only, however. 

Adobe says they plan for updates to Reader 7 and 8 and Acrobat 7 and 8 to be out by March 18th.  They also plan to make Adobe Reader 9.1 available for Unix by March 25th.

As a work around, Adobe says to refer to this post for a work around on how to disable Javascript so that you won't be affected, however, as our readers of the Internet Storm Center and the VRT Blog know, this is not a Javascript exploit, and you can still be exploited without javascript turned on!

So, Adobe did fix the issue for users of "9" on Windows and Mac, but the other platforms are still vulnerable.  If you are using Adobe 7 or 8, if you can update to 9.1, that would be for the best.

(Yes, I work for Sourcefire.)

-- Joel Esler http://www.joelesler.net

UPDATE

Couple of readers wrote to say that it appears that the update installs other Adobe applications as well, such as Adobe Air.

Another reader wrote to say that a lite version is available at ftp://ftp.adobe.com/pub/adobe/reader/win/9.x/9.1/enu/, but only as an EXE file (you'll have to create the MSI yourself if you want to use it for deployment).

-- Bojan

Keywords:
5 comment(s)
Diary Archives