Critical security patches for Adobe Reader released (Acrobat, Flash Player and AIR too)

Graham Cluley

There’s no time to waste.

If you are responsible for one of the many millions of computers around the world running Adobe software, you need to make sure that the latest security updates are being installed.

Today was a big deal for security patches with not just Microsoft, but also Oracle (the maker of the ever-troubled Java amongst other software) and Adobe releasing a host of important and critical updates.

First up are flaws in Adobe Reader and Acrobat, impacting both Windows and Mac OS X versions of the PDF-handling software.


Helpfully, Adobe has published a table showing the latest (patched) version number of each flavour of Adobe Reader and Adobe Acrobat.

| Product | Updated Version | Platform | Priority rating |
|---|---|---|---|
| Adobe Reader | XI (11.0.06) | Windows & Mac | 1 |
| Adobe Reader | X (10.1.9) | Windows & Mac | 1 |
| Adobe Acrobat | XI (11.0.06) | Windows & Mac | 1 |
| Adobe Acrobat | X (10.1.9) | Windows & Mac | 1 |

Adobe uses its own system to rate the severity of vulnerabilities and to help companies and individuals prioritise when updates should be rolled out. Unfortunately, all of the above have been assigned a priority level of “1” by the firm – its most serious rating.

In Adobe’s own words that means that action should be taken promptly to protect against these critical vulnerabilities:

This update resolves vulnerabilities being targeted, or which have a higher risk of being targeted, by exploit(s) in the wild for a given product version and platform. Adobe recommends administrators install the update as soon as possible (for example, within 72 hours).

More details about the Acrobat and Reader vulnerabilities can be found on Adobe’s website.

But the bad news for Adobe users doesn’t stop there, unfortunately.

The company has also released security updates for Adobe Flash Player 11.9.900.170 and earlier versions for Windows and Mac OS X and Adobe Flash Player 11.2.202.332 and earlier versions for Linux.

Adobe suggests that users update to the latest versions, and provided this helpful guide to working out exactly what version you needed on your particular set-up:

* Users of Adobe Flash Player 11.9.900.170 and earlier versions for Windows Internet Explorer should update to Adobe Flash Player 12.0.0.38.
* Users of Adobe Flash Player 11.9.900.170 and earlier versions for NPAPI plugin-based browsers on Windows should update to Adobe Flash Player 12.0.0.43.
* Users of Adobe Flash Player 11.9.900.170 and earlier versions for Macintosh should update to Adobe Flash Player 12.0.0.38.
* Users of Adobe Flash Player 11.2.202.332 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.335.
* Adobe Flash Player 11.9.900.170 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 12.0.0.41 for Windows, Macintosh and Linux.
* Adobe Flash Player 11.9.900.170 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 12.0.0.38 for Windows 8.0.
* Adobe Flash Player 11.9.900.170 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 12.0.0.38 for Windows 8.1.
* Users of Adobe AIR 3.9.0.1380 and earlier versions for Windows and Macintosh should update to Adobe AIR 4.0.0.1390.
* Users of Adobe AIR 3.9.0.1380 and earlier versions for Android should update to Adobe AIR 4.0.0.1390.
* Users of the Adobe AIR 3.9.0.1380 SDK and earlier versions should update to the Adobe AIR 4.0.0.1390 SDK.
* Users of the Adobe AIR 3.9.0.1380 SDK & Compiler and earlier versions should update to the Adobe AIR 4.0.0.1390 SDK & Compiler.

What’s that? You found all those version numbers confusing? Surely not! Okay, I admit it. I was being sarcastic when I said Adobe had produced a “helpful guide”. It’s enough to tie your brain in knots.

What would genuinely be helpful is if the company thought hard about making its version numbers and guidance a little clearer in 2014.

Visit this page on Adobe’s website to determine which version of Flash you have installed.
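Once the installed versions are known, the version lists above can be applied as a numeric comparison across an inventory. The Python example below is added here and is not code from Adobe or from the original post; the variant labels (such as `windows-npapi`), the host names and the inventory itself are assumptions constructed for illustration.

```python
# Added example: fixed-version floors copied from the lists in this article.
FIXED = {
    ("reader", "XI"): "11.0.06", ("reader", "X"): "10.1.9",
    ("acrobat", "XI"): "11.0.06", ("acrobat", "X"): "10.1.9",
    ("flash", "windows-ie"): "12.0.0.38", ("flash", "windows-npapi"): "12.0.0.43",
    ("flash", "mac"): "12.0.0.38", ("flash", "linux"): "11.2.202.335",
    ("flash", "chrome"): "12.0.0.41",
    ("air", "desktop"): "4.0.0.1390", ("air", "android"): "4.0.0.1390",
}

def parse_version(text):
    """Split a dotted version into integers so '11.0.06' equals '11.0.6'."""
    return tuple(int(part) for part in text.strip().split("."))

def is_outdated(installed, fixed):
    """True if installed < fixed, comparing numerically field by field."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    # Pad the shorter tuple with zeros so '12.0' compares equal to '12.0.0.0'.
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b

def audit(inventory):
    """Return (host, product, variant, installed, action) for each entry."""
    report = []
    for host, product, variant, installed in inventory:
        fixed = FIXED.get((product, variant))
        if fixed is None:
            action = "unknown product/variant: check manually"
        elif is_outdated(installed, fixed):
            action = "update to " + fixed
        else:
            action = "ok"
        report.append((host, product, variant, installed, action))
    return report

# Constructed inventory (hypothetical hosts), not data from the article.
INVENTORY = [
    ("ws-01", "flash", "windows-npapi", "11.9.900.170"),
    ("lx-01", "flash", "linux", "11.2.202.332"),
    ("mac-01", "reader", "XI", "11.0.6"),
    ("ws-03", "acrobat", "X", "10.1.8"),
    ("ws-04", "flash", "solaris", "11.2.202.223"),
]

if __name__ == "__main__":
    for row in audit(INVENTORY):
        print("%-7s %-8s %-14s %-14s %s" % row)
```

Comparing the fields as integers matters here: a plain string comparison would rank "11.10" below "11.9" and would treat "11.0.6" and "11.0.06" as different versions.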

And while you’re at it, make sure that you installed the security patches (as necessary) that Microsoft and Oracle released today as well.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
