Adobe has accelerated its quarterly update for its Reader and Acrobat applications from the planned July 13th to today, June 29th. The reason behind the early release is a critical vulnerability announced June 4th that has been seen in the wild that could allow the program to be crashed and an attacker to take control of the system. Adobe Flash Player was patched on June 10th to address this same vulnerability.
Most users will be able to just go to Help, Check for Updates… if the auto-update system doesn’t already prompt you to grab the latest version. If you’re deploying over group policy, you’ll want to use this sequence to patch the respective applications:
Adobe Acrobat: 9.0 -> 9.1 -> 9.1.2 -> 9.2 -> 9.3 -> 9.3.2 -> 9.3.3
Adobe Reader: 9.3 -> 9.3.2 -> 9.3.3
You can then follow the instructions I’ve published previously for deploying Adobe Acrobat 9.3.2 via group policy.
You can learn more about what this update includes by reading the related Security bulletin Adobe has published, including the 17 vulnerabilities that are patched with this update. For more information about other changes related to Adobe Reader and Acrobat, you can read the latest blog article at the Adobe Reader blog. Most interesting to me, is this little bit:
Adobe Download Center Changes are Coming
In the past, we delivered Adobe Reader updates as full installers or patches (for instance, 9.x = full installer, 9.x.y = patch). The Adobe Reader Download Center at http://get.adobe.com/reader always offers the most recent full installer of Adobe Reader, which is currently Adobe Reader 9.3. After installation, the Adobe Reader Updater will automatically check and offer the latest patches to keep end-users up-to-date (as of today, the latest patch is Adobe Reader 9.3.3).We have been working on a new method of always offering the latest version, whether they be full installers or patches, of our most popular language/platform pairs on the Adobe Download Center. This change will make its debut as scheduled on July 13, 2010 (by offering Adobe Reader 9.3.3 for installation) and will become a standard operating procedure going forward. In addition, as always, the Adobe Reader Updater will continue to automatically check for new updates, or users can force an update to happen by selecting > Help > Check for Updates from the Adobe Reader menu.
Hopefully this will include offering the minor version as full .msi files for those of us needing to deploy the software but all around this is a good change. Instead of downloading, installing, and being nagged to update as soon as you start it up, you should be running the latest version after your install the application.
Another good job by Adobe getting the patches out there as soon as possible and ahead of schedule in response to vulnerabilities being exploited in the wild. I encourage you to update today if you’re using Adobe Reader or Acrobat.