Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: Adobe out-of-cycle Updates - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Adobe out-of-cycle Updates

Adobe is planning to release critical updates on August 19, 2010 for Adobe Reader 9.3.3 for Windows, Macintosh and Unix as well as the Adobe Acrobat 9.3.3 for Windows and Macintosh and an update for Adobe Reader 8.2.3 and Acrobat 8.2.3 for Windows and Macintosh covered in security bulletin APSB10-17. An update for Adobe Flash Player published in security bulletin APSB10-16 will be released as well.

Affected Software

Adobe Reader 9.3.3 and earlier versions for Windows, Macintosh, and UNIX
Adobe Acrobat 9.3.3 and earlier versions for Windows and Macintosh
Adobe Flash Player and earlier versions for Windows, Macintosh, Linux, and Solaris



Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org


522 Posts
ISC Handler
Aug 18th 2010
Those updates were released a little over a week ago.

6 Posts
ComputerX - The updates on APSB10-17 have not been released yet...

"Adobe expects to make these updates available on Thursday August 19, 2010."
Ken B

4 Posts
@Ken Good point. I was looking at the first paragraph, which is about APSB10-16. I was surprised when the patches I downloaded were the version I pushed a week ago.

I don't pay much attention to Reader versions. I have (reluctantly) gone to Foxit as a pdf viewer because of the difficulty I have had dealing with Adobe's MSPs. I don't know why. I don't have any trouble repackaging other software, but Adobe's packages often act weird for me.

6 Posts
Note that the download page has recently become more insistent on you installing their worthless downloader plugin. The direct link to the download is no longer on the same page.

Instead you can find it here:

@Ken - I am trying to move to Foxit as well, as it has a lot smaller footprint and should not be as easy (read: popular) to target as Adobe Reader.

But for many users there is a need to stay with Adobe for application integration. So if you want to look at the Adobe MSPs again they have a good article here which explains how security updates will break (!) the administrative installation points.

Due to the intentional difference between "Security" and "Quarterly" Updates, IT professionals who want to deploy Acrobat or Reader products from an Administration Installation Point (AIP) must follow the guidelines noted below.

AIP Creation: Quarterly Updates cannot be applied to an AIP in which a Security Update was the most recently applied Update. Therefore, to deploy a new full Quarterly Update from an AIP, create an AIP (or use previous) which includes only Quarterly Updates.

70 Posts

Sign Up for Free or Log In to start participating in the conversation!