Update-to:
031109-01 "Adobe Acrobat and Reader update fixes vulnerability"
022009-01 "*UNPATCHED* Vulnerability affects Adobe Acrobat and Reader"

OS/Platform/Application:

Adobe Acrobat (Versions 7 and 8) on Windows Systems
Adobe Reader (Version 7 and 8) on Windows systems

Category: UPDATE
Severity: HIGH
Attention: Acrobat and Reader users, System Administrators, Desktop Support Personnel.

Summary: On March 18 2009 Adobe systems has released version 8.1.4 of its popular Acrobat and Reader applications.  These updates fix a critical vulnerability in the handling of PDF documents that was detailed in ALARM alert 022009-01 and 031109-01. 

NOTE: The newest available version of Acrobat and Reader is 9.1; this version is recommended by Adobe as the ideal version for all users.  Acrobat/reader 8.1.4 was released to address users who cannot or choose not to run version 9 of these applications.  If you are already running version 9.1 of Acrobat or reader you do not need to apply this update.

Recommended Actions:  Acrobat and Reader (version 8) users who do not wish to update to version 9.1 are encouraged to read the security bulletin and apply the update(s) as soon as possible.

NOTE for UNIX users:  According to the Adobe Security Bulletin "Adobe plans to make available Adobe Reader 9.1 for Unix by March 25."  Users of this version are encouraged to read the bulletin and apply the updates when they are made available from the vendor.

ITS Actions: N/A

Resources:

Adobe Security Bulletin (update links are included in the text of the bulletin):
http://www.adobe.com/support/security/bulletins/apsb09-04.html

Direct download link for Adobe Reader 8.1.4:
http://www.adobe.com/support/downloads/detail.jsp?ftpID=4408

ALARM Alert 022009-01 (provides info on original issue):
http://www.albany.edu/its/alerts_archive_2009_3942.htm

ALARM Alert 031109-01 (provides info on version 9.1 fix):
http://www.albany.edu/its/alerts_archive_2009_3953.htm