Security updates available for Adobe Reader and Acrobat

Security updates available for Adobe Reader and Acrobat

Security updates available for Adobe Reader and Acrobat
Release date: February 16, 2010

Vulnerability identifier: APSB10-07

CVE numbers: CVE-2010-0188, CVE-2010-0186

Platform: All Platforms

SummaryA critical vulnerability has been identified in Adobe Reader 9.3 for Windows, Macintosh and UNIX, Adobe Acrobat 9.3 for Windows and Macintosh, and Adobe Reader 8.2 and Acrobat 8.2 for Windows and Macintosh. As described in Security Bulletin APSB10-06, this vulnerability (CVE-2010-0186) could subvert the domain sandbox and make unauthorized cross-domain requests. In addition, a critical vulnerability (CVE-2010-018 has been identified that could cause the application to crash and could potentially allow an attacker to take control of the affected system.

Adobe recommends users of Adobe Reader 9.3 and earlier versions for Windows, Macintosh and UNIX update to Adobe Reader 9.3.1. (For Adobe Reader users on Windows and Macintosh who cannot update to Adobe Reader 9.3.1, Adobe has provided the Adobe Reader 8.2.1 update.) Adobe recommends users of Adobe Acrobat 9.3 and earlier versions for Windows and Macintosh update to Adobe Acrobat 9.3.1. Adobe recommends users of Acrobat 8.2 and earlier versions for Windows and Macintosh update to Acrobat 8.2.1.
http://get.adobe.com/uk/reader/?promoid=DAFYK

this update is also available from the internal updater and please remember to untick any tool bars that may be offered with this update