Accessibility

Security bulletin

Security Updates available for Adobe Reader and Acrobat versions 9 and earlier

Release date: February 19, 2009

Last Updated: March 24, 2009

Vulnerability identifier: APSA09-01

CVE number: CVE-2009-0658

Platform: All platforms

Summary

A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited.

Adobe has released the Adobe Reader 9.1 and Acrobat 9.1 product updates to resolve this security issue. Adobe recommends users of Adobe Reader and Acrobat 9 update to Adobe Reader 9.1 and Acrobat 9.1. Adobe recommends users of Acrobat 8 update to Acrobat 8.1.4, and users of Acrobat 7 update to Acrobat 7.1.1. For Adobe Reader users who can’t update to Adobe Reader 9.1, Adobe has provided the Adobe Reader 8.1.4 and Adobe Reader 7.1.1 updates. For more information, please refer to Security Bulletin APSB09-04 and Security Bulletin APSB09-03.

Users may monitor the latest information on the Adobe Product Security Incident Response Team blog at the following URL: http://blogs.adobe.com/psirt or by subscribing to the RSS feed here: http://blogs.adobe.com/psirt/atom.xml

Affected software versions

Adobe Reader 9.0 and earlier versions
Adobe Acrobat Standard, Pro, and Pro Extended 9.0 and earlier versions

Severity rating

Adobe categorizes this as a critical issue and recommends that users update their virus definitions and exercise caution when opening files from untrusted sources.

Revisions

March 24, 2009 – Advisory updated with information on Adobe Reader for Unix 9.1 and Adobe Reader for Unix 8.1.4 updates
March 18, 2009 – Advisory updated with information on Adobe Reader and Acrobat 8.1.4 and 7.1.1 updates
March 10, 2009 – Advisory updated with information on Adobe Reader and Acrobat 9.1 updates
February 24, 2008 – Advisory updated
February 19, 2009 – Advisory first created