Earlier this month, I posted a note about a newly-discovered critical security vulnerability that affected Adobe Systems’ Flash player, and its Reader and Acrobat products. That flaw was soon exploited by the Bad Guys, although there were mitigation steps available, as I mentioned in that earlier post. Adobe released a new version of Flash Player, which fixed the problem, on June 10, and promised a fix for Reader and Acrobat by the end of this month.
Adobe has now released updates for Reader and Acrobat, to version 9.3.3, which fixes the specific vulnerability discovered earlier this month, as well as a number of other security flaws. More information about the fixes can be found in the Adobe Security Bulletin APSB10-15. The update for Reader can be obtained through the built-in update mechanism (Help / Check for Updates); alternatively, you can download the updates packages directly for Windows or Mac OS X. (Note that these are update packages, not complete new versions.) Linux users can download a package for the new version here.
(The Linux download link still seems to be pointing to version 9.3.2. You can get the 9.3.3 packages via FTP by following this link. The directory you want, for the English versions, is:
ftp://ftp.adobe.com/pub/adobe/reader/unix/9.x/9.3.3/enu/ . Debian and RPM packages, and tarballs for Solaris, are available.)
For Acrobat updates, please check the instructions in the Security Bulletin.
Because at least one of the vulnerabilities fixed in this version is being actively exploited, I recommend that you apply the update as soon as possible.
Update, Tuesday, 29 June, 21:35 EDT
The download link for the Linux version has been corrected in the Security Bulletin, and now points to the correct, 9.3.3 version.
Update, Tuesday, 29 June, 22:25 EDT
Adobe has some additional information about this update in a post by Steve Gottwals on the Adobe Reader Blog.