Krebs On Security
Adobe, Microsoft and Oracle today each issued security updates to fix serious vulnerabilities in their products. Adobe released patches for AIR, Acrobat, Flash and Reader, while Microsoft pushed out fixes to shore up at least a half dozen security weaknesses in Windows and Office. Oracle released an update for Java that fixes at least three dozen security holes in the widely-used program.
6 Nov 2012 10:00 AM
Today, in conjunction with Adobe’s update process, we have revised Security Advisory 2755801 to address issues in Adobe Flash Player in Internet Explorer 10. Customers who have automatic updates enabled will not need to take any action because protections will be downloaded and installed automatically. Customers who do not use automatic updates should apply the guidance in the advisory immediately using update management software, or by checking the Microsoft Update service, to help ensure protection.
We remain committed to taking the appropriate actions to help protect customers and will continue to work closely with Adobe to deliver quality protections that are aligned with Adobe’s update process.
Adobe Product Security Incident Response Team (PSIRT) Blog
Today, a Security Bulletin (APSB11-05) has been posted to address a critical security issue (CVE-2011-0609) in Adobe Flash Player, as referenced in Security Advisory Security Advisory APSA11-01. This Security Bulletin affects Adobe Flash Player 10.2.152.33 and earlier versions (Adobe Flash Player 10.2.154.18 and earlier versions for Chrome users) for Windows, Macintosh, Linux, and Solaris operating systems, and Adobe Flash Player 10.1.106.16 and earlier versions for Android. Adobe recommends users apply the updates for their product installations.
Reader X for Windows implements a sandbox architecture functionality that opens PDF files in an isolated instance of the application. This helps protect a computer from malicious code that may be contained in a PDF file.
Adobe Reader Protected Mode represents an exciting new advancement in mitigating the impact of attempted attacks. While sandboxing is not a security silver bullet, it provides a strong additional level of defense against attacks. Even if exploitable security vulnerabilities are found by an attacker, Adobe Reader Protected Mode will help prevent the attacker from writing files or installing malware on potential victims’ computers.
“Protected Mode” is enabled by default.
On the download page there is a pre-checked box to include McAfee Security Scan Plus. If you do not want this added to your download uncheck the box before hitting “Download now”.
Note also that Adobe states, “You may have to temporarily disable your antivirus software.” I did not run into any issues leaving mine enabled but it may depend on the AV you have installed.