Adobe Reader 9.1

  • Thread starter Thread starter Pat Willener
  • Start date Start date
P

Pat Willener

Pat said:
Adobe Reader 9.1 is available.

Download:
http://download.adobe.com/pub/adobe/reader/win/9.x/9.1/enu/AdbeRdr910_en_US.exe
(English version)
Other languages: ftp://ftp.adobe.com/pub/adobe/reader/win/9.x/9.1/
(click on the appropriate language to get to the download link)


No details are currently available about the nature of this update, but
most likely it fixes the recent security vulnerability
(http://www.adobe.com/support/security/advisories/apsa09-01.html).
Click to expand...

Thanks, Pat

Uninstalled previous build and re-booted just to be sure I had a clean install.
<rant>
Huge install for third-party software !
Clueless users or the unaware *will* get the Google Toolbar !
</rant>
 
aren't they suppose to be issuing the patch for adobe 9/8 on march 12th?
I guess we have to wait and see
robin
 
Dave M said:
Anyone else besides me wondering if it's safe to turn on JavaScript in
Adobe Reader again after this update?
Click to expand...

Hi Dave,

If you've installed Adobe Reader version 9.1 you shouldn't have any
reservations about turning JavaScript back on.

http://www.adobe.com/support/security/advisories/apsa09-01.html
Vulnerability identifier: APSA09-01
CVE number: CVE-2009-0658
"Buffer overflow issue in versions 9.0 and earlier of Adobe Reader and
Acrobat"

Adobe Reader version 9.1 resolves the security issue detailed above CVE
number: CVE-2009-0658
http://blogs.adobe.com/psirt/

Good luck,

Donald Anadell
 
So at about the time you posted this, I'd just completed patching my
collection of machines for the Microsoft patches.

I sure wish I'd had this one before I began that process--because it is on
every one of them, of course!

My understanding is that this does fix the outstanding security
vulnerability, so everyone using Adobe Reader should watch for updates for
their versions and apply them.

I believe Adobe has said that other versions will be patched by the 18th or
so...


Pat Willener said:
Adobe Reader 9.1 is available.

Download:
http://download.adobe.com/pub/adobe/reader/win/9.x/9.1/enu/AdbeRdr910_en_US.exe
(English version)
Other languages: ftp://ftp.adobe.com/pub/adobe/reader/win/9.x/9.1/ (click
on the appropriate language to get to the download link)


No details are currently available about the nature of this update, but
most likely it fixes the recent security vulnerability
(http://www.adobe.com/support/security/advisories/apsa09-01.html).
Click to expand...


--
 
two thoughts:

1) there were later reports that indicated that simply turning javascript
off DID NOT mitigate this vulnerability.
2) If you don't need it on, turning it off shouldn't hurt anything. OTOH,
issues like this tend to result in perplexity when you DO need javascript
and have no idea why something is failing, months later.


Dave M said:
Anyone else besides me wondering if it's safe to turn on JavaScript in
Adobe Reader again after this update?

"Reports have been published that disabling JavaScript in Adobe Reader and
Acrobat can protect users from this issue. Disabling JavaScript provides
protection against currently known attacks. However, the vulnerability is
not in the scripting engine and, therefore, disabling JavaScript does not
eliminate all risk. Should users choose to disable JavaScript, it can be
accomplished following the instructions below:
1.. Launch Acrobat or Adobe Reader.
2.. Select Edit>Preferences
3.. Select the JavaScript Category
4.. Uncheck the 'Enable Acrobat JavaScript' option
5.. Click OK "
- http://www.adobe.com/support/security/advisories/apsa09-01.html

_

Regards, Dave
Click to expand...


--
 
NO--this is not a version 9 issue--it is probably an issue for EVERY version
of Adobe Reader and Acrobat.

Version 9 is just the first version they have issued a fix for--and not all
versions of 9, at that.




I note that this is a version 9 issue. I have Acrobat Pro 8.x through
CS3 and they haven't touched that since November.

Gene
Click to expand...


--
 
Back
Top