Adobe Security Advisories

Adobe has released a couple of security advisories that are worth noting, since they pertain to software that is installed on a large number of PCs.

The first bulletin [APSA09-03] applies to Adobe’s Reader (formerly Acrobat Reader), Acrobat, and Flash Player software, on all platforms.  The Flash Player is very widely used as a browser plug-in, to display multimedia content from YouTube and other sites.  The Reader is similarly used, as a plug-in or as a stand-alone application, to view files in Portable Document Format (.PDF).  Acrobat can be used to create PDF files.  Adobe rates this as a Critical vulnerability, and expectes to release a patch by tomorrow. The bulletin contains information about a possible work-around, by renaming, deleting, or removing access to the ‘authplay.dll‘ library.

The second bulletin  [APSA09-04] is specific to users of the Flash Player as a plug-in for Internet Explorer on Windows; other browsers are not affected.   It is related to the problem with the Active Template Library, for which Microsoft released out-of-schedule patches on Tuesday.  If you have installed that Microsoft patch, you are probably somewhat protected; but Adobe rates this as a Critical vulnerability.   They expect to have a fix available by tomorrow.

Update Thursday, 30 July, 21:00

The fixes for the Flash Player problem in the first bulletin [APSA09-03] are now available for download.  See Adobe Security Bulletin APSB09-10 for instructions and download links.

Update, Friday, 31 July, 16:00

The fixes for Acrobat and Reader have now been released.  The Security Bulletin, APSB09-10, has been updated to reflect this.