Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: Adobe Reader and Acrobat - Black Tuesday continues - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Adobe Reader and Acrobat - Black Tuesday continues

It ain't just Microsoft ... while MS issued a deluge of patches today, Adobe pushes just one, but theirs addresses no less than 29!! gaping holes in one single update.  As we reported earlier, at least one of these 29 vulnerabilities is already being actively exploited. So if you are using Acrobat or Adobe Reader, no matter whether on Unix Windows or Mac, you definitely should take a close look at http://www.adobe.com/support/security/bulletins/apsb09-15.html and start rolling the update. If we were in the habit of rating Adobe patches like Microsoft's, this one would be a "Critical"

Daniel

367 Posts
ISC Handler
Interesting; I go to download the `Adobe Reader MUI 9.2 Update - Multiple Languages` which says its file size is 22.01MB. Actual file size: 275MB. Must be the new math. Hopefully they fix it by the morning. -eddy
Anonymous
go to ftp.adobe.com/pub/... and you can get an MSI for 9.2 update
Anonymous
we are having trouble getting the install for 9.2 to work. after analyzing the install it seems to be installing 9.1.3, and it is failing because we are already at that version. anyone else seeing this? any solutions found?
Anonymous
I manually uninstalled Reader 9.1.3 and checked to see that the plugin in Firefox was removed. Rebooted, installed 9.2 and v9.1.0.163 showed up in Firefox again.

On this end, I'm stuck with the Reader package that includes the unwanted AIR/Adobe.com stuff PLUS versioning that suggests that the browser is still unprotected. Add to that the extra hoops that it takes to get IE or Firefox to work with the new version, and I think we can call this one "epic fail". Maybe this is why I didn't see a v9.x directory at ftp://ftp.adobe.com/pub/adobe/acrobatreader/win/

As it stands now, we won't be rolling this out in our company. I hate having the security hole, but a patch that kills functionality is not accepted in the production systems.
Nathan

8 Posts
Somewhere, and I will be blessed if I remember where, I got a URL which pulled only the Acrobat Reader portion, without any of the bloat-ware that usually comes with Acrobat Reader. (It may have even been for the 8.x versions...)
Since that time, I have had to take the whole ball of wax, AIR, Adobe.com, etc. etc. One of the things which I have used to strip out the extras and seems to work well is Revo Uninstaller at http://www.revouninstaller.com/ in advanced mode. Your mileage may vary.
BezantSoft

14 Posts
BenzantSoft, here are some instructions which include a link to the Adobe tool for customizing the installer package. It took a little tinkering but was not a time sink. The option to eliminate the AIR/Adobe.com stuff worked just fine.

http://cadpanacea.com/node/144
Nathan

8 Posts

Sign Up for Free or Log In to start participating in the conversation!