A week ago, I posted directions on extracting the .msi from Adobe Reader’s setup file and the same day Adobe announced a zero-day vulnerability in Adobe Flash that also affected Adobe Acrobat and Adobe Reader. The updates to Adobe Acrobat and Adobe Flash were released today while Adobe Reader X is pending the week of June 14, 2011 and banking on its sandboxing technology to protect itself until then.
Adobe Acrobat X is now at version 10.0.2 and Flash is now at version 10.2.153.1. You can download the Acrobat 10.0.2 .msp file from the Adobe FTP Server. The Adobe Flash Player Installer is available from http://get.adobe.com/flashplayer/ or possibly more conveniently with direct links (instead of the Adobe DLM, getPlus, or McAfee Security scan garbage). The security bulletin released today with the updates goes into greater detail about the vulnerabilities and patching for other versions of Adobe Flash, Acrobat, and Reader. Flash is the only vulnerability currently known to have been exploited, commonly in the form of Flash .swf files embedded in Microsoft Excel files.
Since this is a security update following a quarterly update, Adobe Acrobat deployments can be slip-streamed in order:
Acrobat 10.0.0 -> 10.0.1 -> 10.0.2
One serious side issue that this vulnerability seems to bring to light is the fragmentation of Adobe products. Reading the related Security Advisory, Adobe Flash has three different versions: its regular version, a different increment for Android, and a different version for the Chrome browser. It seems this will bring additional confusion to the system which makes it harder for IT Professionals to ensure their systems are properly patched and for Adobe to track which versions are vulnerable to new exploits. If this trend continues there could be additional version numbers for other mobile platforms like iOS and WP7 that adopt Flash. Hopefully this is on the roadmap for Adobe to address somehow. For now, it’s recommended to update Adobe Flash and Acrobat to the latest version to correct this vulnerability.