That was quick! Adobe's emergency patch for Reader and Acrobat is here...

Filed Under: Adobe, Featured, PDF, Vulnerability

Update: The original version of this article listed the vulnerability report as appearing on 2012-02-12 and Adobe's workaround on 2013-02-13, more than a year later. It was, in fact, the next day: the vulnerability report was dated 2013-02-13. Thanks to Naked Security reader Joerg for spotting the mistake. (Corrected 2013-02-21T08:37Z)

Adobe has released the emergency update for Reader and Acrobat that it promised late last week.

The company decided to get a move on to deal with a newly-reported vulnerability that was actively being exploited, at least on Windows and the Mac.

The timeline has been pretty swift:

The fixes are available for all affected platforms, so Windows, Mac and Linux users should all upgrade.

Adobe rates these updates at a priority of 1 on the Windows and Macintosh platforms, for all supported product versions (9, 10, 11).

That's because the vulnerability was not just known, but actively being exploited.

On Linux, the rating is 2, which means that vulnerabilities exist in the product, but no exploits are known.

How quickly should you act?

Adobe's recommendations are to get Ones done in three days, or "as soon as possible," and Twos within a month, which it describes as "soon."

If you're still labouring away under a change control regimen that makes this sort of responsiveness difficult, it's high time to work at speeding things up.

In this case, Adobe has bust a gut to get its patch done quickly and within the promised timeframe.

You may as well take advantage of Adobe's new-found velocity!

PS. If you have your Reader or Acrobat installation set to update automatically, it will. But you can fast-forward the update if you want, by using Help | Check for Updates.

, , , , ,

You might like

4 Responses to That was quick! Adobe's emergency patch for Reader and Acrobat is here...

  1. Nigel · 547 days ago

    There are many irritating things about Adobe. This isn't one of them. Credit where credit is due for their jumping on this so quickly.

  2. jULIE · 547 days ago

    What is the EXACT Link for the PATCH?

  3. jULIE · 547 days ago

    Looking for latest update...have Adobe reader XI

    • Paul Ducklin · 546 days ago

      Above you'll see a bit where I mentioned "Patch is released," which links here:

      http://www.adobe.com/support/security/bulletins/a...

      That's Adobe's official "this is what it is, and here is where you get it" page, for all supported versions on all supported operating systems. (You actually click through first by OS and then by version number.)

      There's a further choice of whether you want to download the full, latest, most up to date version (100MB to 200MB depending on version), or just enough to update from an already-installed earlier version.

      Because of the wide range of choices, we link only to the main patch-related page, and let Adobe guide you from there...

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog