06/29/2010

Patches to Adobe Flash Player, Adobe Acrobat & Adobe Reader

Adobe issued a couple of critical patches this month to its Flash, Acrobat, and Adobe Reader products including one today for its Acrobat and Adobe Reader programs.

Adobe Acrobat & Adobe Reader Flaws and Upgrade/Patch

As for Adobe Reader as of the writing of this piece, the latest version of Adobe Reader is:

9.3.3

Here's how you can check your version and what you should see:



These security flaws in Acrobat and Reader--and Adobe's handling of it--has had fairly widespread discussion including coverage at Kaspersky's 'threatpost' security blog.

Kaspersky's Ryan Naraine in his piece about the Adobe security patches says,

The PDF hack, when combined with clever social engineering techniques, could potentially allow code execution attacks if a user simply opens a rigged PDF file.

What's so important about this particular set of updates is the number of different types of systems that are affected, and while some antivirus software may be able to offset some of the threats posed by these security flaws in these programs, it's not worth the risk.

What's already clear is that there are security exploits in the wild that are taking advantage of these security holes, and if you're running Flash, Reader, or Acrobat (about 95% of the world is), your computer may be susceptible, regardless of what type of system you run--even a Mac.

Adobe Flash Player Flaws and Upgrade/Patch

The Flash Player (and the upgrade, of course) and Adobe Reader are free and only take a minute to install. (Adobe Acrobat isn't free but the security patch is.)

Here's the official Version Test for Adobe Flash Player.

On that page, you'll see what version of Flash Player you're running. As of the writing of this piece, the latest version for all systems is:

10.1.53.64

Don't take our word for it though, here's the official version information page for the Adobe Flash Player

Here's what the page looks like when it tests for your version of Flash Player (click the image below for a larger version plus our notes):



It's worth mentioning in our tests of the newest version of Flash Player, a reboot was sometimes recommended and other times not; regardless of whether or not you're prompted to reboot, it certainly won't hurt.



It's getting more commonplace for a bug to be a security issue on different computers--not just PCs--these days, but in these particular cases, just about every system was affected. Here's a breakdown of what the affected programs and systems looks like:

Program Affected Versions Affected Systems
Adobe Flash Player
  • 10.0.45.2
    (and earlier 10.0.x versions)
  • 9.0.262
    (and earlier 9.0.x versions)
  • Microsoft Windows
  • Apple Macintosh
  • Linux
  • Sun/Oracle Solaris
Adobe Reader
  • 9.3.2 (and earlier 9.x versions)
  • Microsoft Windows
  • Apple Macintosh
  • UNIX
Adobe Acrobat
  • 9.3.2 (and earlier 9.x versions)
  • Microsoft Windows
  • Apple Macintosh
  • UNIX