The rushed state of the release indicates that the issue gets actively exploited which is confirmed in Adobe’s Security Bulletin that mentions that the issue is being actively exploited in the wild. Attackers may be able to crash the application on the computer and take control of the affected system in the process. Upgrading is the only way of protecting the computer from those vulnerabilities.

Adobe recommends users of Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX update to Adobe Reader 9.4. (For Adobe Reader users on Windows and Macintosh,
who cannot update to Adobe Reader 9.4, Adobe has provided the Adobe Reader 8.2.5 update.) Adobe recommends users of Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh update to Adobe Acrobat 9.4. Adobe recommends users of Adobe Acrobat 8.2.4 and earlier versions for Windows and Macintosh update to Adobe Acrobat 8.2.5.

This accelerated patch breaks Adobe’s quarterly patch day that is set for every second Tuesday of each quarter of the year to fall in line with Microsoft’s Patch Tuesday. Interested users can take a closer look at the Security Bulletin, or point their web browsers to Get Adobe Reader right away to download the latest version of the pdf reader. Updates are also available directly in the program (by clicking on Help > Check for Updates).

The out-of-cycle update outlines the severity of the vulnerabilities that have been parched in the version, as Adobe usually releases updates in a three month cycle.

The updates address previously disclosed security vulnerabilities at the Black Hat USA 2010 conference on July 28, and furthermore incorporate the Adobe Flash Player update noted in the security bulletin released in July.

Adobe recommends users of Adobe Reader 9.3.3 and earlier versions for Windows, Macintosh and UNIX update to Adobe Reader 9.3.4. (For Adobe Reader users on Windows and Macintosh, who cannot update to Adobe Reader 9.3.4, Adobe has provided the Adobe Reader 8.2.4 update.) Adobe recommends users of Adobe Acrobat 9.3.3 and earlier versions for Windows and Macintosh update to Adobe Acrobat 9.3.4. Adobe recommends users of Adobe Acrobat 8.2.3 and earlier versions for Windows and Macintosh update to Adobe Acrobat 8.2.4.

Adobe Reader and Acrobat users are asked to update their pdf reader as soon as possible to protect their computer system from exploits that can lead to remote code execution.

Adobe Reader
Users can utilize the product’s update mechanism. The default configuration is set to run automatic update checks on a regular schedule and can be manually activated by choosing Help > Check for Updates.

Adobe Reader users on Windows can also find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows.

Adobe Reader users on Macintosh can also find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Macintosh.

Adobe Reader users on UNIX can find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Unix.

Note: Adobe Reader 9.3.4 for Windows, Macintosh and UNIX will be available from the Adobe Reader Download Center at http://get.adobe.com/reader/ by August 31, 2010.

Adobe Acrobat
Users can utilize the product’s update mechanism. The default configuration is set to run automatic update checks on a regular schedule and can be manually activated by choosing Help > Check for Updates.

Acrobat Standard and Pro users on Windows can also find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows.

Acrobat Pro Extended users on Windows can also find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=158&platform=Windows.

Acrobat 3D users on Windows can also find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=112&platform=Windows.

Acrobat Pro users on Macintosh can also find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh.

More information available at Adobe’s Security Bulletin.

The security bulletin sheds some light on the security issues that have been fixed in the release. A total of 17 different vulnerabilities have been fixed in Adobe Reader 9.3.3. Adobe has categorized the update as critical and recommends that users apply the latest updates immediately to protect their computer systems.

Exploits of any security vulnerability that has been patched in the update can lead to code execution on the affected system.

Adobe confirmed that at least one of the security vulnerabilities is actively exploited in the wild.

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-1297).
Note: There are reports that this issue is being actively exploited in the wild.

This update mitigates a social engineering attack that could lead to code execution (CVE-2010-1240).

This update resolves an invalid pointer vulnerability that could lead to code execution (CVE-2010-1285).

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-1295).

This update resolves an invalid pointer vulnerability that could lead to code execution (CVE-2010-2168).

This update resolves an invalid pointer vulnerability that could lead to code execution (CVE-2010-2201).

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2202).

This update resolves a UNIX-only memory corruption vulnerability that could lead to code execution (CVE-2010-2203).

This update resolves a denial of service vulnerability; arbitrary code execution has not been demonstrated, but may be possible (CVE-2010-2204).

This update resolves an uninitialized memory vulnerability that could lead to code execution (CVE-2010-2205).

This update resolves an array-indexing error vulnerability that could lead to code execution (CVE-2010-2206).

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2207).

This update resolves a dereference deleted heap object vulnerability that could lead to code execution (CVE-2010-2208).

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2209).

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2210).

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2211).

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2212).

Adobe Reader 9.3.3 and Acrobat 9.3.3 are available for download at the Adobe website. Also available are Adobe Reader 8.2.3 and Adobe Acrobat 8.2.3 which both fix the security issues as well.

The critical vulnerabilities are affecting all operating systems that Adobe Reader is compatible with (Microsoft Windows, Apple Macintosh and Unix based) and versions of Adobe Reader 9.3.1 and Adobe Acrobat 9.3.1 or earlier.

The critical nature of the vulnerabilities requires immediate attention from users who have affected software versions installed on their computer systems.

Adobe is offering the update through various channels. It is possible to check for updates from within the pdf readers by clicking on Help > Check for updates or to download the updates from the official Adobe website.

Adobe Reader users on Windows can also find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows.

Adobe Reader users on Macintosh can also find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Macintosh.

Adobe Reader users on UNIX can find the appropriate update here:
ftp://ftp.adobe.com/pub/adobe/reader/unix/9.x/9.3.2/.

The update is still separated from the full version of Adobe Reader that is offered on the Adobe homepage. There is still no full version of Adobe Reader 9.3.2 available on the Adobe homepage which still offers Adobe Reader 9.3.0 to visitors.

Users who want to find out more about the security vulnerabilities can check out the security bulletin that contains detailed information about the vulnerabilities that are closed with the new release.

Today a critical vulnerability was disclosed that is affecting all Adobe Reader 9.3 and earlier and Adobe Acrobat 9.3 and earlier versions on Windows and Macintosh. The Adobe Reader 9.3 or earlier Unix versions are also vulnerable.

As described in Security Bulletin APSB10-06, this vulnerability (CVE-2010-0186) could subvert the domain sandbox and make unauthorized cross-domain requests. In addition, a critical vulnerability (CVE-2010-0188) has been identified that could cause the application to crash and could potentially allow an attacker to take control of the affected system.

In addition, a critical vulnerability (CVE-2010-0188) has been identified that could cause the application to crash and could potentially allow an attacker to take control of the affected system.

Adobe has reacted promptly this time as updates for Adobe Reader and Acrobat are already available for download and installation. It is suggested to download the new releases as soon as possible to protect the computer system from the security vulnerability.

The security bulletin posted at the Adobe website contains download links for all supported operating systems.

Downloads are available for both Adobe Reader and Acrobat at the Adobe website for Windows, Mac and Unix. Acrobat users find download links for their product in the Adobe Security Bulletin which also contains details about the vulnerabilities that have been patched.

Our reader Paulus mentioned that the light version of Adobe Reader – called Adobe Reader Lite – is already available at various download sites including Major Geeks. Adobe Reader Lite is a third party project that removes several modules of Adobe Reader which are usually not needed by most users including popups and plugins.

Users who only want PDF reader capabilities can also take a look at Adobe Reader alternatives which are usually much faster than the original and more secure as well as they are not that targeted by hackers yet. Viable options include Foxit PDF Reader or muPDF.