Adobe Announces Adobe Reader/Acrobat 9.4.3 Patch Release Schedule
Article by George Norman
On 14 Sep 2010
If you have been following the Adobe Reader and Adobe Acrobat is plagued by a critical, publicly exploited vulnerability story, here’s eh update: Adobe has finally announced when it plans to release a fix for the vulnerability. A fix will be released during the week of October 4, 2010, said Adobe, the California-based company that specializes in creating multimedia and creativity software products.

If you haven’t been following this story, here’s the lowdown. Last week Adobe announced that Adobe Reader 9.3.4 and earlier versions for Windows, Mac and UNIX, as well as Adobe Acrobat 9.3.4 and earlier versions for Windows and Mac, are plagued by a critical vulnerability. If someone with malicious intent exploited this vulnerability, that person could crash the targeted system and even take control of the targeted system.


Adobe posted a security advisory online, but it didn’t offer any specific details about the vulnerability. Luckily enough McAfee’s Xiao Chen offered some details: “This zero-day vulnerability is a typical stack buffer overflow. Although the latest version of Reader has been compiled with stack protection (/GS), the exploit uses an Return Oriented Exploitation (ROP) technique to bypass /GS protection and data execution prevention (DEP),” explained McAfee’s Xiao Chen.

This weekend Adobe updated the security advisory to propose a mitigation for Windows users. Here’s what Adobe said in the advisory:

“Current exploits in the wild target the Windows platform. Customers using Adobe Reader or Acrobat 9.3.4 or earlier on Windows can utilize Microsoft's Enhanced Mitigation Evaluation Toolkit (EMET) to help prevent this vulnerability from being exploited. Note that due to the time-sensitive nature of this issue, testing of the functional compatibility of this mitigation has been limited. Therefore, we recommend that you also test the mitigation in your environment to minimize any impact on your workflows.”

Microsoft Security Research & Defense’s Fermin J. Serna and Andrew Roths posted a detailed article on how you can use EMET 2.0 to prevent the exploitation of the Adobe Reader and Adobe Acrobat vulnerability mentioned above.

Today Adobe announced that during the week of October 4 it will issue updates to Adobe Reader and Adobe Acrobat to fix the critical, publicly exploited vulnerability presented above.

Please note that Adobe initially planned to release updates for its products on the 12th of October. Because of the October 4 release, no other updates will be released on October 12. Please also note that during the week of October 4 Adobe will also plug a recently discovered Flash Player 10.1 critical vulnerability that also affects Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. Additional details about this vulnerability are available in this security advisory .

Tags: Adobe, Adobe Reader, Adobe Acrobat, Security
About the author: George Norman
George is a news editor.
You can follow him on Google+, Facebook or Twitter

I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 17 Aug 2017
With the blockbuster movie season upon us, Sony decided to celebrate the occasion with a sale: the Attack of the Blockbusters Sale that offers discounts of up to 50% (60% if you’re a PlayStation Plus member) on a ton of PS4 video games.
By George Norman on 17 Aug 2017
Samsung’s new T5 portable solid-state drive (PSSD) uses the latest 64-layer V-NAND technology, offers between 250GB and 2TB of storage capacity, has a lightweight and shock-resistant design that’s smaller than the average business card, and delivers industry-leading transfer speeds of up to 540 MB/s.
Related News
Sponsored Links
Hot Software Updates
Top Downloads
Become A Fan!
Link To Us!
Adobe Announces Adobe Reader/Acrobat 9.4.3 Patch Release Schedule
HTML Linking Code