Security bulletin

Security Advisory for Adobe Reader and Acrobat

Release date: January 7, 2010

Vulnerability identifier: APSB10-02

Platform: All

Summary

Adobe is planning to release an update for Adobe Reader 9.2 and Acrobat 9.2, and Adobe Reader 8.1.7 and Acrobat 8.1.7 for Windows and Macintosh, and Adobe Reader 9.2 for UNIX, to resolve critical security issues. Adobe expects to make this quarterly update available on January 12, 2010.

Among other issues, this update will resolve a critical vulnerability in Adobe Reader and Acrobat 9.2 and earlier (CVE-2009-4324) on Windows, Macintosh and UNIX. There are reports that this issue is being actively exploited in the wild; the exploit targets Adobe Reader and Acrobat 9.2 on Windows platforms. Please see the related APSA09-07 Security Advisory for mitigation guidance until a patch is available on January 12, 2010.

Adobe actively shares information about this and other vulnerabilities with partners in the security community to enable them to quickly develop detection and quarantine methods to protect users until a patch is available. Adobe recommends that you keep your anti-malware software and definitions up-to-date and monitor releases from your vendor about this issue.

Users may monitor the latest information on the Adobe Product Security Incident Response Team blog at the following URL: http://blogs.adobe.com/psirt or by subscribing to the RSS feed here: http://blogs.adobe.com/psirt/atom.xml.

(Note: This Security Advisory will be replaced with the final Security Bulletin upon release on January 12, 2010.)

Affected software versions

Adobe Reader 9.2 and earlier versions for Windows, Macintosh, and UNIX
Adobe Acrobat 9.2 and earlier versions for Windows and Macintosh

Severity rating

Adobe categorizes this as a critical update.