As expected, Adobe has released new versions of its Acrobat and Reader software, incorporating critical security updates. There is also a critical update for Flash Player, though this was not included in the preview announcement.
The updates for Reader and Acrobat address a total of 27 identified vulnerabilities. According to the Security Bulletin [APSB 13-15], the vulnerable versions of Acrobat and Reader are:
- Adobe Reader XI (11.0.02) and earlier 11.x versions for Windows and Macintosh
- Adobe Reader X (10.1.6) and earlier 10.x versions for Windows and Macintosh
- Adobe Reader 9.5.4 and earlier 9.x versions for Windows, Macintosh and Linux
- Adobe Acrobat XI (11.0.02) and earlier 11.x versions for Windows and Macintosh
- Adobe Acrobat X (10.1.6) and earlier 10.x versions for Windows and Macintosh
- Adobe Acrobat 9.5.4 and earlier 9.x versions for Windows and Macintosh
The Security Bulletin lists the appropriate new versions for these. Users of Reader or Acrobat on Windows or Mac OS X can get the new version via the update mechanism built into the software, which is set to check for updates automatically by default; to initiate a check manually, choose Help / Check for Updates from the product menu. Alternatively, you can download appropriate Reader updates from these links:
Please see the Security Bulletin for Acrobat update downloads, and for further details.
As noted above, Adobe has also released Critical updates for Flash Player; according to the Security Bulletin [ASPB 13-14], these fixes address 13 identified vulnerabilities. Affected versions of the software are:
- Adobe Flash Player 11.7.700.169 and earlier versions for Windows and Macintosh
- Adobe Flash Player 184.108.40.2060 and earlier versions for Linux
- Adobe Flash Player 220.127.116.11 and earlier versions for Android 4.x
- Adobe Flash Player 18.104.22.168 and earlier versions for Android 3.x and 2.x
- Adobe AIR 22.214.171.1240 and earlier versions for Windows and Macintosh
- Adobe AIR 126.96.36.1990 and earlier versions for Android
- Adobe AIR 188.8.131.520 SDK & Compiler and earlier versions
Users on Windows or Mac OS X systems should received the update automatically, if they have enabled the option “Allow Adobe to install updates”. Otherwise, they can obtain the new version from the Flash Player Download Center, as can Linux users. Please see the Security Bulletin for Android updates. Google Chrome ships with its own version of Flash Player, and I would expect a new version of Chrome, incorporating these updates, to appear “real soon now”. I’ll update this post when it’s available.
Because they are so widely installed across platforms, Reader and Flash Player have been tempting targets for the Bad Guys. I suggest that you update your systems as soon as you conveniently can.
Update Tuesday, 14 May, 13:05 EDT
According to a post on the Chrome Releases blog, Google is now pushing Flash Player updates for the Windows and Mac versions of Chrome. (Mea culpa: I had forgotten that they had added to capability to update things like Flash without doing a whole new version.)