Adobe's first Patch Tuesday a critical event

Stephen Withers
Wednesday, 10 June 2009 08:17

Business IT - Security

Adobe's first quarterly update for Acrobat and Reader addresses a baker's dozen of vulnerabilities. But Unix users will have to wait until next week for their updates.

Adobe said it would switch to a quarterly schedule for security updates (except where exploits were found in the wild), and it has delivered.

The June updates for Reader and Acrobat cover a mix of vulnerabilities detected by the company's own code hardening efforts and those found by outsiders.

The updates provide protection against 13 vulnerabilities in earlier versions. All of them are thought to have the potential to allow arbitrary code execution.

The underlying problems include stack overflows, heap overflows, integer overflows, and memory corruption.

Adobe recommends that users of Reader 9 and Acrobat 9 update to the newly released 9.1.2 versions. Acrobat 7 and 8 should be updated to 7.1.3 and 8.1.6 respectively.

The software can be conveniently brought up to date on a single computer by using the programs' Check for Updates command. If multiple systems are to be updated, it is more practical to download the updater(s) from Adobe Product Updates.

The Unix updates are scheduled for release on June 16.