General discussion

Out-of-band Security Updates for Adobe Reader and Acrobat

Prenotification: Out-of-band Security Updates for Adobe Reader and Acrobat

From: The Adobe Product Security Incident Response Team (PSIRT) Blog:

A Security Advisory has been posted in regards to upcoming Adobe Reader and Acrobat updates scheduled for the week of August 16, 2010. The updates will address critical security issues in the products, including CVE-2010-2862 which was discussed at the Black Hat USA 2010 security conference on Wednesday, July 28, 2010. These security updates will be made available for Windows, Macintosh and UNIX.

At this time Adobe is not aware of exploits in the wild for any of the issues addressed in this Security Advisory.

Note that these updates represent an out-of-band release. Adobe will release the next quarterly security update for Adobe Reader and Acrobat on October 12, 2010.

We will continue to provide updates on the upcoming release via the Security Advisory section of the Adobe website as well as the Adobe PSIRT blog.

As Posted Here: http://blogs.adobe.com/psirt/2010/08/pre-notification-out-of-band-security-updates-for-adobe-reader-and-acrobat.html

Discussion is locked

Follow
Reply to: Out-of-band Security Updates for Adobe Reader and Acrobat
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: Out-of-band Security Updates for Adobe Reader and Acrobat
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Comments
- Collapse -
No more Adobe for me

I used Adobe as my PDF reader for years, but just got fed up with it's terrible security holes that keep cropping up. It's probably the weakest security vector on many computers.

I would recommend changing to the free and reletively small FOXIT, which does everything that Adobe does.

Adobe/Acrobate is a huge bloated security riddled program which need to be re-written from the ground up.

Some companies refuse to use it because of the security issues, and if I remember correctly Steve Jobs said you couldn't use it on some of his products due to the poor security - although I suspect there is more to it than just that.

- Collapse -
Remember Though... Foxit Needs Updates As Well

No program is completely secure forever.. AS just an example, Foxit released it's most recent security update, and newest version of the program, on August 6, 2010. Here's a link to their security bulletins page.:

http://www.foxitsoftware.com/pdf/reader/security_bulletins.php

I'm not saying Foxit is a bad choice.. It's a perfectly good program but make sure you're seeing ALL the options.

Hope this helps.

Grif

- Collapse -
Foxit is Comparatively more secure

You are right, Grif. I didn't mean to suggest Foxit was 100% secure, as you said, no program is, and patches will need to be applied with varying frequency.

Comparatively, Foxit has fewer security holes than Adobe, which is one of the most insecure programs that is widely used.

Foxit also has the advantage of being far less bloated than the awful Adobe/Acrobat family.

- Collapse -
Adobe Reader Out-of-band on August 19, 2010

Today, Adobe have updated the Security Advisory for Adobe Reader and Acrobat with Vulnerability identifier APSB10-17

Release date: August 5, 2010
Last updated: August 17, 2010


Adobe is planning to release updates for Adobe Reader 9.3.3 for Windows, Macintosh and UNIX, Adobe Acrobat 9.3.3 for Windows and Macintosh, and Adobe Reader 8.2.3 and Acrobat 8.2.3 for Windows and Macintosh to resolve critical security issues, including CVE-2010-2862 discussed at the Black Hat USA 2010 security conference and the Adobe Flash Player update as noted in Security Bulletin APSB10-16. Adobe expects to make these updates available on Thursday August 19, 2010.

Note that these updates represent an out-of-cycle release. Adobe is currently scheduled to release the next quarterly security updates for Adobe Reader and Acrobat on October 12, 2010.

http://www.adobe.com/support/security/bulletins/apsb10-17.html

The blog has been edited also:

A Security Advisory has been posted in regards to upcoming Adobe Reader and Acrobat updates scheduled for Thursday, August 19, 2010.

http://blogs.adobe.com/psirt/2010/08/pre-notification-out-of-band-security-updates-for-adobe-reader-and-acrobat.html

- Collapse -
Security Updates Released for Adobe Reader and Acrobat
From the Adobe Product Security Incident Response Team (PSIRT) Blog:

August 19, 2010

Today, a Security Bulletin has been posted regarding security releases for Adobe Reader and Acrobat. The updates address critical security issues in the products, including CVE-2010-2862 discussed at the recent Black Hat USA 2010 security conference and vulnerabilities addressed in the August 10 Adobe Flash Player update as noted in Security Bulletin APSB10-16. Adobe recommends that users apply the updates for their product installations.

Note that today?s updates represent an out-of-cycle release. The next quarterly security updates for Adobe Reader and Acrobat is scheduled for October 12, 2010.

http://blogs.adobe.com/psirt/2010/08/security-updates-released-for-adobe-reader-and-acrobat.html

The Security Bulletin: http://www.adobe.com/support/security/bulletins/apsb10-17.html

CNET Forums

Forum Info