Rather quietly, in keeping with Adobe's bad PR attitude, their latest 'CRITICAL' security updates have hit the net. Below are some direct links to help you past the clickity-click-click garbage you have to endure when going through Adobe's home page.
I) Adobe Acrobat Pro v9.4.0 update
IIa) Adobe Reader v9.4.0 update - multiple languages INTEL version
IIb) Adobe Reader v9.4.0 update - multiple languages PPC version
III) Adobe AIR v126.96.36.19990 update
And of course you've already installed Adobe Flash Player v10.1.0 update from two weeks ago, right?
What's been fixed?
Adobe Acrobat and Reader:
This vulnerability (CVE-2010-2883) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild.--Quoting from CVE-2010-2883:
Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.3.4 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information.Adobe AIR: Beats me! As of today, Adobe have provided NO release notes for AIR v2.0.4. Imagine my cynicism. When Adobe bother to provide release notes, they will appear HERE.
Can anyone spare Adobe an anvil? Mine's in for repair. ;-)
And now it's time for a laugh! Every month this summer Adobe have had 'CRITICAL' security flaws discovered and patched in Acrobat, Reader and Flash Player. There have also been two updates to Adobe Air. Despite this situation, Adobe still hold to the bizarro naive notion of 'quarterly updates'. Here is their message to the world regarding this situation, as of today:
Note that today’s updates represent an accelerated release of the quarterly security update originally scheduled for October 12, 2010. With this accelerated schedule, Adobe will not release additional updates for Adobe Reader and Acrobat on October 12, 2010. The next quarterly security updates for Adobe Reader and Acrobat are scheduled for February 8, 2011.Right. So we'll all meet back here on February 8th. Sure. Everything will be safe and sound until then! Uh huh.
We know better. See you back here next month!