Security updates available for Adobe Reader and Acrobat

[ronjor]

Quote:

Summary

Critical vulnerabilities have been identified in Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems. These vulnerabilities, including CVE-2011-0611, as referenced in Security Advisory APSA11-02, could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that one of the vulnerabilities, CVE-2011-0611, is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat, as well as via a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file delivered as an email attachment targeting the Windows platform. Adobe Reader X Protected Mode mitigations would prevent an exploit of this kind from executing

http://www.adobe.com/support/securit...apsb11-08.html

[Trooper]

Thanks Ron. I checked for updates but it found none. Will try it again in a few days.

Cheers.

[FanJ]

Thanks Ron !

I'm still at Reader 9 and got the update from here:

fxp://fxp.adobe.com/pub/adobe/reader/win/9.x/9.4.4/misc/
AdbeRdrUpd944_all_incr.msp

(replace fxp with the obvious one ( ftp ) )

[SweX]

Quote:

Originally Posted by FanJ

Thanks Ron !

I'm still at Reader 9 and got the update from here:

fxp://fxp.adobe.com/pub/adobe/reader/win/9.x/9.4.4/misc/
AdbeRdrUpd944_all_incr.msp

(replace fxp with the obvious one ( ftp ) )

Just wondering why you don't update via the in-built updater?

[siljaline]

Many disable javascript (recommended for security) in Adobe apps as well as the auto-update feature since they don't want Adobe phoning home. I prefer to be in full control of when and what is updated as opposed to background updates. This is user choice, of course.

Quote:

Originally Posted by SweX

Just wondering why you don't update via the in-built updater?

[SweX]

I have JavaScript disabled myself, plus I have disabled the Auto updating as well. Because I don't want it to auto update just as you say.

But why would that stop one from using the internal updater?

[The Hammer]

Quote:

Originally Posted by Trooper

Thanks Ron. I checked for updates but it found none. Will try it again in a few days.

Cheers.

Installed it just now. Try again.

[siljaline]

As I originally indicated, some do not like Adobe or other third party applications updating in the background. Personally, I do not allow.

It is as easy as, Help > check for updates in lieu of a multidude of items starting from MSCONFIG

Quote:

Originally Posted by SweX

But why would that stop one from using the internal updater?

[siljaline]

What exactly, may I ask, did you successfully update ?

Quote:

Originally Posted by The Hammer

Installed it just now. Try again.

[SweX]

Quote:

Originally Posted by siljaline

As I originally indicated, some do not like Adobe or other third party applications updating in the background.

How would it update in the background if I update manually, using the internal updater

And only because I have disabled JS and Auto updated, doesn't prevent me from updating manually.

Sorry but I still don't understand why not

And multidude is not a word I know the meaning of

[xxJackxx]

I keep seeing posts on sites that say Adobe Reader X was updated but I can't find that Reader has anything newer than version 10.0.1 where Acrobat is on 10.0.3.

[siljaline]

Adobe Reader X will be refreshed around June 15 to the best of my information. There is nothing to patch now unless you are running outdated Adobe apps, if that would be the case you would be encouraged to replace them. Please refer to the documentation posting within this thread for more details.

Thanks.

Quote:

Originally Posted by xxJackxx

I keep seeing posts on sites that say Adobe Reader X was updated but I can't find that Reader has anything newer than version 10.0.1 where Acrobat is on 10.0.3.

[siljaline]

@SweX: These would be two of the MSCONFIG entries caused by Adobe apps that are not needed here, here

Hoping this answers your queries ?

[xxJackxx]

Quote:

Originally Posted by siljaline

Adobe Reader X will be refreshed around June 15 to the best of my information.

Makes sense. It's just that sites like Beta News and Major Geeks were posting what it claimed was Adobe Reader 10.0.3 and after downloading the file it was actually the 10.0.3 patch for Acrobat. I think someone got confused as to what they were posting.

[siljaline]

With Adobe, I advise to use Adobe for all your Adobe patches and updates, etc.

As you will see from the screenshot, there is no current patch and or update available for the sanboxed reader.

[m00nbl00d]

Don't you find somewhat confusing that Adobe considers that Adobe Reader X sandbox should contain such attacks, hence they won't release an upgrade for it until June, but they do provide an upgrade for Adobe Acrobat X? Adobe Acrobat X has the same sandbox as Adobe Reader X, so why patching Acrobat X now, if they don't consider worth patching Reader X until June?

I find this awkward... Maybe they just want to make their customers happy?

[SweX]

Quote:

Originally Posted by siljaline

@SweX: These would be two of the MSCONFIG entries caused by Adobe apps that are not needed here, here

Hoping this answers your queries ?

I see.

Well, After every update I do with the internal updater (if there is an update available), I do delete those entries with Ccleaner afterwards since they always get re-created, so that's not a big deal.

[siljaline]

While I understand and feel similarly to you with regard to Adobe patches and releases, I cannot speak for Adobe. You would have to give feeback to them.
Adobe does have a feedback mechanism.

Regards,

Quote:

Originally Posted by m00nbl00d

Don't you find somewhat confusing that Adobe considers that Adobe Reader X sandbox should contain such attacks, hence they won't release an upgrade for it until June, but they do provide an upgrade for Adobe Acrobat X? Adobe Acrobat X has the same sandbox as Adobe Reader X, so why patching Acrobat X now, if they don't consider worth patching Reader X until June?

I find this awkward... Maybe they just want to make their customers happy?

[siljaline]

While I donnot use CCleaner, what it amounts to in the end is the same thing. I am glad that we understand each other.

Regards,

Quote:

Originally Posted by SweX

I see.

Well, After every update I do with the internal updater (if there is an update available), I do delete those entries with Ccleaner afterwards since they always get re-created, so that's not a big deal.

[The Hammer]

Quote:

Originally Posted by siljaline

What exactly, may I ask, did you successfully update ?

Adobe reader 9 as per the link in the original post.

[siljaline]

Apologies for late reply, thank you for posting back to my query.

Quote:

Originally Posted by The Hammer

Adobe reader 9 as per the link in the original post.

[Peter2150]

Quote:

Originally Posted by m00nbl00d

Don't you find somewhat confusing that Adobe considers that Adobe Reader X sandbox should contain such attacks, hence they won't release an upgrade for it until June, but they do provide an upgrade for Adobe Acrobat X? Adobe Acrobat X has the same sandbox as Adobe Reader X, so why patching Acrobat X now, if they don't consider worth patching Reader X until June?

I find this awkward... Maybe they just want to make their customers happy?

I have Acrobat Pro X, and there was just an update. Maybe they are doing Acrobat first, because for example I paid a bit over $400 for the program vs the reader being free.

Pete

[SweX]

Quote:

Originally Posted by Peter2150

I have Acrobat Pro X, and there was just an update. Maybe they are doing Acrobat first, because for example I paid a bit over $400 for the program vs the reader being free.

Pete

Just curious, is it really worth the $400

[SweX]

Quote:

Originally Posted by siljaline

I am glad that we understand each other.

Sorry for the late reply. Yes Indeed

[siljaline]

Quote:

Originally Posted by SweX

Sorry for the late reply. Yes Indeed