On May 12th, 2009, Adobe has released security updates to Adobe Acrobat Reader and Acrobat for Windows, Mac, and Linux. From the security bulletin at http://www.adobe.com/support/security/bulletins/apsb09-06.html :
“A critical vulnerability has been identified in Adobe Reader 9.1 and Acrobat 9.1 and earlier versions. This vulnerability (CVE-2009-1492) would cause the application to crash and could potentially allow an attacker to take control of the affected system. A second vulnerability has also been reported that appears to affect Adobe Reader for UNIX only (CVE-2009-1493).
Adobe recommends users of Adobe Reader 9.1 and Acrobat 9.1 and earlier versions update to Adobe Reader 9.1.1 and Acrobat 9.1.1. Adobe recommends users of Acrobat 8 update to Acrobat 8.1.5, and users of Acrobat 7 update to Acrobat 7.1.2. For Adobe Reader users who can’t update to Adobe Reader 9.1.1, Adobe has provided the Adobe Reader 8.1.5 and Adobe Reader 7.1.2 updates.”
Read the security bulletin for download links : http://www.adobe.com/support/security/bulletins/apsb09-06.html
According to a security advisory from Adobe , Adobe Flash v10.0.12.36 (and earlier versions of Adobe Flash 9) on all platforms has a vulnerability “that could allow an attacker who successfully exploits this potential vulnerability to take control of the affected system” – meaning malicious software could be downloaded and run on your machine if you visit a website with malicious Flash content file or video (SWF) .
To determine what version of the Flash player you have, visit http://www.adobe.com/products/flash/about/and to install the latest Flash player go to http://www.adobe.com/go/getflashplayer.
Windows users should note that the Flash Player in their Microsoft Internet Explorer browser and the one in other web browsers like Opera, Mozilla Firefox, Google Chrome and Safari are separate installs. You should install and update both versions, by visiting http://www.adobe.com/go/getflashplayer in Internet Explorer and then with your other web browser.
There have been several updates to popular plugins recently :
If you’ve haven’t updated your Adobe Flash player since April 8th, 2008 to version 126.96.36.199, please do so as there are several exploits targeting older versions of Flash.
How to tell what version of Flash you are using? Via Adobe’s Security Bulletin :
To verify the Adobe Flash Player version number, access the About Flash Player page, or right-click on Flash content and select “About Adobe (or Macromedia) Flash Player” from the menu. Customers using multiple browsers are advised to perform the check for each browser installed on their system.
You can download the latest Flash Player at http://www.adobe.com/go/getflashplayer. You can also keep track of security issues of Adobe products at the Adobe Product Security Incident Response Team blog at http://blogs.adobe.com/psirt/