Adobe has released new versions of its Reader and Acrobat products, to address the recently-discovered Flash vulnerability [CVE-2011-0611]. (This is the same flaw that Adobe patched in Flash Player last Friday.) Updates are available for the following affected versions of the software:
- Adobe Reader X (10.0.1) and earlier versions for Windows
- Adobe Reader X (10.0.2) and earlier versions for Macintosh
- Adobe Acrobat X (10.0.2) and earlier versions for Windows and Macintosh
Adobe specifically says that Adobe Reader 9.x for UNIX, Adobe Reader for Android, and Adobe Reader and Acrobat 8.x are not affected by this vulnerability. More details are available in the Adobe Security Bulletin [APSB 11-08].
For users of Reader 9.x, the new version is 9.4.4. For users of Reader X (10.x) on Macintosh, the new version is 10.0.3. Reader X for Windows is not being updated at this time; Adobe says that the Protected Mode feature in that version will keep the exploit from executing.
You can get the new version using the built-in update mechanism (Help > Check for Updates), or you can download the updates manually for Windows or Macintosh (Intel or PPC). Note that this is an update package, not a complete new installation, so it will not work unless you have the most recent previous version installed. See the Security Bulletin for download links to the Acrobat updates.
There is evidence that this vulnerability is being exploited in targeted attacks; I encourage you to update your systems as soon as you can.