Friday, April 22, 2011

Security Update Available for Adobe Reader and Acrobat

Adobe shipped a critical security update to its Adobe products on April 21, 2011 that addresses a vulnerability that can cause the application to crash and allow an attacker to take control of the affected system.

Action Required: Ag IT recommends that College of Ag Science faculty and staff update any Adobe products to the current version.

Note: Along with applying this update, we also recommend that you follow these steps to Secure Adobe Reader to Prevent Malware once you have your Adobe products updated!!

You should be able to use the built-in Updater program to update the software.

  1. Open Adobe Reader or Adobe Acrobat Professional.
  2. From the Help menu choose Check for Updates.
  3. If updates were found, follow the on-screen steps to update.

    Note: If an update is downloaded, close Adobe before applying the update.
    Then re-open Adobe. Repeat steps 1 - 3 until no more updates are available.

  4. Note: If the automatic updater does not find the latest updates, and your version is not the most current one, go to the Acrobat for Windows downloads page. Scroll down to locate the update for your version. Download and install.

    Note: Earlier versions of Adobe Acrobat Professional (version 8 or lower) will not receive this patch. This updates represent an out-of-cycle release.

The Adobe Security bulletin, Security Updates available for Adobe Reader and Acrobat, has additional information and links.

Saturday, April 16, 2011

Security Update Released for Adobe Flash Player

On April 15, 2011 Adobe released a Security advisory called Security update available for Adobe Flash Player that announced the availability of an update to their Flash Player 10 software.

Note: There are reports that this vulnerability is being exploited in the wild in targeted attacks via a malicious Web page, or a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file delivered as an email attachment, targeting the Windows platform. The advisory states in part:

Summary
A critical vulnerability has been identified in Adobe Flash Player 10.2.153.1 and earlier versions (Adobe Flash Player 10.2.154.25 and earlier for Chrome users) for Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player 10.2.156.12 and earlier versions for Android. This vulnerability (CVE-2011-0611), as referenced in Security Advisory APSA11-02, could cause a crash and potentially allow an attacker to take control of the affected system.

Action Required: Ag IT recommends that you update the Adobe Flash Player on your Enterprise machine (or other devices that use Adobe Flash) to mitigate the effects of malicious SWF (Flash) files that you might view in your web browser, Word, or Excel file.

For steps, see our How To Install Updates to Adobe Flash Player, http://agsci.psu.edu/it/how-to/install-updates-to-adobe-flash-player.

Note: If you use multiple browsers, perform the check for each browser you have installed on your computer.