DarkFiber Consulting – IT Managed Services

Adobe has released an update for Reader and Acrobat to address multiple vulnerabilities. These vulnerabilities affect Adobe Reader 9.2 and earlier versions for Windows, Macintosh, and UNIX and Adobe Acrobat 9.2 and earlier versions for Windows and Macintosh. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

DarkFiber Consulting encourages users and administrators to review Adobe Security Bulletin APBS10-02 and apply any necessary updates to help mitigate the risks. 

Adobe has republished security bulletin APSB09-015 to address multiple vulnerabilities in Adobe Reader and Acrobat. These vulnerabilities may allow an attacker to execute arbitrary code, escalate local privileges, or cause a denial-of-service condition.

DarkFiber Consulting encourages users and administrators to review Adobe security bulletin APSB09-015 and apply any necessary updates. 

Adobe has released security bulletin APSB09-15 to alert users of a critical vulnerability in Adobe Reader and Acrobat. Adobe indicates that it has received reports of active exploitation of this vulnerability. Release of an update for this vulnerability is scheduled for Tuesday, October 13.

DarkFiber Consulting encourages users and administrators to take the following actions to help mitigate the risks:

• Review Adobe Security Bulletin APSB09-15.
• Disable JavaScript in Adobe Reader and Acrobat. Acrobat JavaScript can be disabled in the General preferences dialog (Edit, Preferences, JavaScript, and un-check “Enable Acrobat JavaScript”).

Adobe has released a security advisory to address a vulnerability in Adobe Reader and Acrobat 9.1.2 and Flash Player 9 and 10. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition.

DarkFiber Consulting encourages users and administrators to review the security advisory and implement the following workarounds until a fix is available:

• Disable Flash in Adobe Reader 9 on Windows platforms by renaming the following files: “%ProgramFiles%\Adobe\Reader 9.0\Reader\authplay.dll” and “%ProgramFiles%\Adobe\Reader 9.0\Reader\rt3d.dll”.

• Disable Flash Player or selectively enable Flash content as described in the Securing Your Web Browser Document.

Additional information regarding this vulnerability can be found in Technical Cyber Security Alert TA09-204A.

DarkFiber Consulting will provide additional information as it becomes available.

Adobe has released security updates to address multiple vulnerabilities that affect versions of Reader and Acrobat up to and including Reader 9.1.1 and Acrobat 9.1.1. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

DarkFiber Consulting encourages users and administrators to review Adobe Security Bulletin APSB09-07 and apply any necessary updates to help mitigate the risks. Additional information regarding these vulnerabilities can be found in Technical Cyber Security Alert TA09-161A.

DarkFiber Consulting is aware of public reports of two vulnerabilities affecting Adobe Reader and Acrobat. The JavaScript methods customDictionaryOpen() and getAnnots() do not safely handle specially crafted arguments and can be manipulated to execute arbitrary code.

DarkFiber Consulting encourages users and administrators to disable JavaScript in Adobe Reader to help mitigate the risk:

1. Open the General Preferences dialog box
2. From the Edit menu, select Preferences and then choose JavaScript
3. Un-check Enable Acrobat JavaScript

Additional information regarding these vulnerabilities can be found in the Adobe PSIRT blog entry and in the Vulnerability Notes Database. DarkFiber Consulting will provide additional information as it becomes available.