back to article Surprise Adobe update grapples with critical flaws

Adobe published an out-of-sequence update for its Reader and Acrobat software packages on Tuesday that tackles a brace of serious flaws. The cross-platform Reader and Acrobat update fixes a vulnerability in the domain sandbox of the PDF technology that opens the door to possible exploits, more specifically unauthorised cross- …


This topic is closed for new posts.
  1. Si 1

    Security flaws in Adobe software? Well I never...

    I suppose this is actually quite a good excuse for not putting Flash on the iPhone or iPad...

    1. Rod MacLean

      RE: Security flaws in Adobe software? Well I never...

      By "excuse", I take it you mean "reason"?

  2. xenny

    Where are the patches?

    I go to , and right now, the most recent patch listed there is for 12 Jan 2010, and is 9.3. The acrobat auto update gets you 9.3.1, but where's 9.3.1 if you are deploying acrobat rather than relying on the desktop users to click OK to a patch, and trusting them with admin rights?

    1. Paul Coen
      Thumb Down

      Patch location

      Click on the "New Downloads" link on the right side of the page. It'll give you links to the msp files for each.

      Thanks, Adobe, for making it easy!

  3. CD001

    tackles a brace of serious flaws

    So, that would be 2 then?

    1. Anonymous Coward
      Anonymous Coward

      Re: tackles a brace of serious flaws

      "So, that would be 2 then?"

      Yes, exactly as the man said.


  4. Paul Shirley

    just dump Reader

    Best security fix for Reader? Uninstall and replace with ANY other pdf reader... as a bonus you'll stop needing to task kill the zombie process their POS leaves running after you quit.

  5. Robert Carnegie Silver badge

    Also still 9.3 here (3pm GMT Wed 17/02/10) - 9.3.

    Maybe they prefer you to turn on the product's internal update function. Or they're waiting for the rush of people doing that to die down.

    The drawback is, some people will look for it on BitTorrent instead. That could be a bad mistake.

    1. Anonymous Coward
      Anonymous Coward

      Young people today.....


      Am I the only one who checks for this sort of update?

      Where's the old codger icon?

      1. AndrueC Silver badge

        It's easier than that.

        I just got offered the update within ten minutes of firing my laptop up. I had to remove the stupid shortcut from my desktop when it had finished but at least I didn't need to reboot.

  6. Paul Coen

    It gets worse

    I just checked the redistribution site for Flash while dealing with Acrobat - if you're using tools like SMS or Zenworks it'll get you MSI installers. They haven't updated the MSI installers since Janaury 26th, which is the PREVIOUS Flash update, not the current one from last week. Because, you know, you wouldn't want to use your fancy management tools to push out a critical security update to your enterprise.

    And now back to Acrobat.

    If you've got Acrobat Professional, you can't get updated installers. You have to install 9.0 and patch it - and the patches aren't cumulative. 9.0 > 9.1 > 9.1.1 > 9.2 and so on. However, if you install Acrobat Pro 9.0 and then Reader 9.3 (say you don't want Pro as a browser plugin), the Reader installer modifies the Acrobat Pro installation so it at least thinks it's 9.3. To the point where the 9.3.1 Acrobat Standard/Professional patch will install on top of it. The Reader 9.3.1 msp file, of course, still has to be applied to Reader separately. Mind you, the Reader installer modifying Acrobat Pro doesn't seem to be documented anywhere. Who knows if it's actually fully updating Acrobat Pro.

    They're reaction when we asked them about updated install media last month? Confusion, pointing out that we can download the 9.0 installer from the volume licensing site, and saying "Well, you'll be able to update to 10.0 when that comes out later this year".

  7. Alastair 7

    Re: Also still 9.3 here

    "The drawback is, some people will look for it on BitTorrent instead. That could be a bad mistake."

    Really? Because I've never heard of anyone doing that, ever.

  8. KaD

    Acrobat Alternatives

    I ditched Acrobat for viewing PDF files for two reasons. First it is a big piece of bloatware these days that wants to stay resident. Second it is 32-bit and I run a 64-bit version of Windows Vista now. I found that PDF-XChange has a native 64-bit version ( as well as a 32-bit version for 32-bit types ), runs very fast and uses very little memory. Highly recommended and they have a free version of people.

    1. Anonymous Coward

      "they have a free version of people."

      Cool! People are JUST too expensive these days! Could I get some to clean my house?

  9. SoltanGris


    If you were foolish enough to think this is finally fixed you'd be

    stunned to learn otherwise. Stunned if you had just crawled out from

    under a rock.

    According to Secunia this latest and greatest 'fix' from Adobe clusterf*ck

    Systems Inc is just another foil to fool you, dear tool, er user.

    Here's a link and everything.

    It's not in PDF form so it must be true.

  10. heyrick Silver badge



    { Adobe Updater }

    Write Permission Error. The download cannot be saved to D:\Temp\Adobe because you do not have permission to create a file there. Make sure you have the proper permissions and then click Retry. Otherwise, click Change Location.


    I told the updater to stick its rubbish in the Temp folder because I was sick of it scattering its crap around my disc. Permission error? Bollocks. The Adobe folder was probably auto-deleted in a Temp-Tidyup, but you - woeful Adobe - are too f**king stupid to think to ensure the required directory structure exists BEFORE you try writing there. And when it goes all tits-in-the-air instead of whinging "invalid directory" it instead complains about Permissions With Odd Capitalisation.

    Fail, fail, fail, fail, fail, fail, fail, fail, bl**dy f**king FAIL!

    [okay, I feel better now...]

    PS: FAIL also for offering me 20-somethingMb of language pack I don't want for forms I won't fill in, over and over and over. At least WindowsUpdate has an option to tell unwanted updates to sod off and stop bothering me.

  11. AndrueC Silver badge
    Thumb Down

    Because it can?

    And of course it felt that I would benefit from having a shortcut to Reader on my desktop. Stupid arrogant gits. If I want a shortcut to something on my desktop I'll put it there myself. Of all the things I /might/ want a shortcut to Adobe Acrobat Reader is pretty much the least likely. It seems to integrate with my browser and/or launch itself when I double click so why would I want it on the desktop?

  12. xenny

    so near, yet so far

    It gets better. There's an updater visible at , which you need a username and password to actually download. I've registered to deploy acrobat reader, but I've never received such a password. Are they actually playing with us?

  13. Gis Bun
    Thumb Down

    Jeez. More updates.

    I recently migrated to a new syste and reinstalled Acrobat 8 Pro. It was already at 8.1.0. I needed 7 patches to get it to the current 8.2.1. This is getting rediculous.

    BTW, Adobe's quarterly updates are bad. Now we have to wait up to 3 months [or in some cases more when they forget to disclose a vulnerability] to get updates and all these updates are fixes to vulnerabilities. They [at this point] aren't likely to release any new features for them. So why bother with the quarterly updates?

  14. This post has been deleted by a moderator

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019