Adobe has issued a range of patches for its most popular software to head off malware-pushing assaults that use poisoned PDF files to trigger a flaw in Flash.
According to Symantec, attacks may not be limited to using PDF files. Web-based attacks against the Flash flaw could potentially allow for a drive-by-download, so these are fixes most everyone will want ASAP.
Start with Flash: you can check your current version at Adobe’s site, but unless you’ve already updated today you’ll almost certainly need the fix. Anyone with 10.0.22.87 or earlier will need to download and install version 10.0.32.18, or wait to be prompted by Flash’s auto-update. Updates are available for Windows, Mac and Linux, but the Solaris version is still pending, according to Adobe’s security bulletin.
If you’re stuck with version 9 for some reason, you’ll need to download version 18.104.22.168.
When you’re done with the Flash fix, move on to the Reader update. For that you can open Reader and select Tools | Check for Updates, or head to the download pages for Windows, Macs or UNIX.
For Acrobat Standard and Pro on Windows, here’s your update. Acrobat Pro Extended on Windows and Acrobat Pro on Macs need a fix as well.
A new Adobe AIR rounds out the patch bonanza. Adobe says anyone with version 1.5.1 or earlier (presumably all users) will need to download version 1.5.2.