In line with its earlier announcement, Adobe has released security updates for the Adobe Reader and Acrobat X 10.1.3 and previous versions, for Windows and Macintosh platforms. Elaborating on the software vulnerabilities that the security updates address, Adobe adds that the vulnerabilities in the software could lead the application to crash, as also potentially allowing an attacker to gain control the affected system.
Accordingly, Adobe has recommended in its “Security update available for Adobe Reader and Acrobat” post on its Security bulletin that users update their product installations to the latest versions. Elaborating further on this, Adobe adds that those users who're using Adobe Reader X (10.1.3) and previous versions for both Windows and Macintosh should update to Adobe Reader X (10.1.4). Those using Adobe Reader 9.5.1 and the previous versions for Windows and Macintosh (who cannot update to Adobe Reader X (10.1.4)), there is Adobe Reader 9.5.2 available. Those users using Adobe Acrobat X (10.1.3) for both Windows and Macintosh should opt for update to Adobe Acrobat X (10.1.4), while those using Adobe Acrobat 9.5.1 and previous versions for Windows and Macintosh should update to Adobe Acrobat 9.5.2.
New security update issued
Detailing further, the post adds that Adobe Reader users on both Windows and Macintosh can use the product's update mechanism. The default configuration here allows automatic update checks regularly. To have it manually updated, users can go to Help>Check for Updates. Adobe Acrobat users can use their respective update mechanism. Here again, the default option allows automatic update checks regularly.To have it manually updated, users can go to Help> Check for Updates.
In Prenotification Security Advisory for Adobe Reader and Acrobat – APSB12-16 released by Adobe, it had confirmed that it would release security updates for the Adobe Reader and Acrobat X 10.1.3 and previous versions, for Windows and Macintosh on August 14, 2012. Citing flaws of a critical nature, Adobe had said in the post that the updates would address these flaws. In the post, Adobe had listed down the affected software versions:
- Adobe Reader X (10.1.3) and earlier 10.x versions for Windows and Macintosh
- Adobe Reader 9.5.1 and earlier 9.x versions for Windows and Macintosh
- Adobe Acrobat X (10.1.3) and earlier 10.x versions for Windows and Macintosh
- Adobe Acrobat 9.5.1 and earlier 9.x versions for Windows and Macintosh
Importantly, the post also includes Adobe's priority ratings for each of the affected software. Priority Ratings is a guideline to help its customers in managed environments to prioritize Adobe security updates. The company decides the priority rankings based on historical attack patterns for the relevant product, the type of vulnerability, the platform(s) affected and any potential mitigations that may be in place.
In the post, Adobe had also given four of the six items a priority rating of 2. Updates to software with this priority rating fix the vulnerabilities in a product that which have historically been at elevated risk. Adobe adds that there currently are no known exploits to these programmes. Going by previous experience, Adobe does not anticipate exploits are imminent. However, as a best practice, it recommend that administrators install the update soon, i.e., within 30 days. The remaining two programmes have a priority rating of 1. This rating indicates that the software contains vulnerabilities that are being targeted, or those that are at a higher risk of being targeted by exploit(s) in the wild for a given product version and platform. The company recommends that administrators install these update too as soon as possible, preferably within 72 hours.