Accessibility

Security bulletin

Security Updates available for Adobe Reader and Acrobat

Release date: March 10, 2009

Last Updated: March 24, 2009

Vulnerability identifier: APSB09-03

CVE number: CVE-2009-0658

Platform: All Platforms

Summary

A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited.

Adobe recommends users of Adobe Reader and Acrobat 9 update to Adobe Reader 9.1 and Acrobat 9.1. Adobe recommends users of Acrobat 8 update to Acrobat 8.1.4, and users of Acrobat 7 update to Acrobat 7.1.1. For Adobe Reader users who can’t update to Adobe Reader 9.1, Adobe has provided the Adobe Reader 8.1.4 and Adobe Reader 7.1.1 updates. For more information, please refer to Security Bulletin APSB09-04.

Affected software versions

Adobe Reader 9 and earlier versions
Adobe Acrobat 9 Standard, Pro, and Pro Extended and earlier versions

Solution

Adobe Reader

Adobe recommends Adobe Reader users update to Adobe Reader 9.1, available here:
http://get.adobe.com/reader/

Users with Adobe Reader 7.0 through 8.1.3, who can’t update to Adobe Reader 9.1, should update to Adobe Reader 8.1.4 or Adobe Reader 7.1.1, available from one of the following links:
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Macintosh
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Unix

Acrobat 9

Adobe recommends Acrobat 9 Standard and Acrobat 9 Pro users on Windows update to Acrobat 9.1, available at the following URLs:
http://www.adobe.com/support/downloads/detail.jsp?ftpID=4375
http://www.adobe.com/support/downloads/detail.jsp?ftpID=4382

Adobe recommends Acrobat 9 Pro Extended users on Windows update to Acrobat 9.1, available here:
http://www.adobe.com/support/downloads/detail.jsp?ftpID=4381

Adobe recommends Acrobat 9 Pro users on Macintosh update to Acrobat 9.1, available here:
http://www.adobe.com/support/downloads/detail.jsp?ftpID=4374

Acrobat 8

Adobe recommends Acrobat 8 users on Windows update to Acrobat 8.1.4, available here:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows

Adobe recommends Acrobat 8 users on Macintosh update to Acrobat 8.1.4, available here:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh

Adobe recommends Acrobat 3D Version 8 users on Windows update to Acrobat 3D Version 8.1.4, available here:
http://www.adobe.com/support/downloads/product.jsp?product=112&platform=Windows

Acrobat 7

Adobe recommends Acrobat 7 users on Windows update to Acrobat 7.1.1, available here:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows

Adobe recommends Acrobat 7 users on Macintosh update to Acrobat 7.1.1, available here:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh

Adobe recommends Acrobat 3D Version 7 users on Windows update to Acrobat 3D Version 7.1.1, available here:
http://www.adobe.com/support/downloads/product.jsp?product=112&platform=Windows

Severity rating

Adobe categorizes this as a critical issue and recommends that users apply the update for their product installations.

Details

A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. This issue is remotely exploitable. There are reports that this issue is being exploited.

Adobe recommends users of Adobe Reader and Acrobat 9 update to Adobe Reader 9.1 and Acrobat 9.1. Adobe recommends users of Acrobat 8 update to Acrobat 8.1.4, and users of Acrobat 7 update to Acrobat 7.1.1. For Adobe Reader users who can’t update to Adobe Reader 9.1, Adobe has provided the Adobe Reader 8.1.4 and Adobe Reader 7.1.1 updates. For more information, please refer to Security Bulletin APSB09-04. Users may monitor the latest information on the Adobe Product Security Incident Response Team blog at the following URL: http://blogs.adobe.com/psirt or by subscribing to the RSS feed here: http://blogs.adobe.com/psirt/atom.xml

Revisions

March 24, 2009 – Advisory updated with information on Adobe Reader for Unix 9.1 and Adobe Reader for Unix 8.1.4 updates
March 18, 2009 – Advisory updated with information on Adobe Reader and Acrobat 8.1.4 and 7.1.1 updates
March 10, 2009 – Advisory first created