A week ago, I posted directions on extracting the .msi from Adobe Reader’s setup file and the same day Adobe announced a zero-day vulnerability in Adobe Flash that also affected Adobe Acrobat and Adobe Reader. The updates to Adobe Acrobat and Adobe Flash were released today while Adobe Reader X is pending the week of June 14, 2011 and banking on its sandboxing technology to protect itself until then.
Since this is a security update following a quarterly update, Adobe Acrobat deployments can be slip-streamed in order:
Acrobat 10.0.0 -> 10.0.1 -> 10.0.2
One serious side issue that this vulnerability seems to bring to light is the fragmentation of Adobe products. Reading the related Security Advisory, Adobe Flash has three different versions: its regular version, a different increment for Android, and a different version for the Chrome browser. It seems this will bring additional confusion to the system which makes it harder for IT Professionals to ensure their systems are properly patched and for Adobe to track which versions are vulnerable to new exploits. If this trend continues there could be additional version numbers for other mobile platforms like iOS and WP7 that adopt Flash. Hopefully this is on the roadmap for Adobe to address somehow. For now, it’s recommended to update Adobe Flash and Acrobat to the latest version to correct this vulnerability.