Adobe Security Bulletin APSA08-01

(imported topic written by SystemAdmin)

Adobe Security Bulletin APSA08-01

Adobe released security bulletin APSA08-01 on February 7, 2008 for Adobe Reader/Acrobat < v8.1.2. The update to v8.1.2 included several fixes, including some which could be exploited.

For details about bulletin APSA08-01, please see:

http://www.adobe.com/uk/support/security/advisories/apsa08-01.html

Based on the article if you have a version of 7.0.9 and earlier, Adobe does not currently have a patch.

For 8.x, the recommendation for Adobe Reader is to upgrade to v8.1.2. There’s a fixlet for that in the “Updates for Windows Applications” site.

For Adobe Acrobat Standard and Professional, you need incrementally patch to v8.1.2. Currently there’s 3 fixlets for this in the “Updates for Windows Applications” site.

Adobe Acrobat 8.1 Available - Adobe Acrobat 8.0

Adobe Acrobat 8.1.1 Available - Adobe Acrobat 8.1.0

Adobe Acrobat 8.1.2 Available - Adobe Acrobat 8.1.1

The 8.1.1 patch from 8.1.0 is marked as critical. The other two are set as “”. Shouldn’t all 3 be marked as a critical update?

-Paul

(imported comment written by BenKus)

Hey Paul,

This is always tricky for us because our “Source Severity” column is supposed to reflect the vendor’s classification of the patch. We don’t normally re-classify the patch on the vendor’s behalf so if Adobe releases 2 patches and then a “critical” patch like you mentioned, we simply reflect each patch’s severity as specified by Adobe.

Ben

(imported comment written by SystemAdmin)

Hi Ben,

Ok, that’s fine, but BF has the 8.1.2 patch as “”, where it should be critical based on Adobe’s classification in APSA08-01.

Paul

(imported comment written by Sam_Lam91)

Hi Paul,

Indeed, Adobe’s information page for the 8.1.2 update (http://www.adobe.com/support/downloads/detail.jsp?ftpID=3849) does not explicate any Source Severity information, hence our having labeled the fixlet’s Source Severity as . You’re correct in that the bulletin APSA08-01 which is covered by the 8.1.2 update

is

explicated as Critical. Thus we’ve updated the Source Severity for our “Adobe Acrobat 8.1.2 Available - Adobe Acrobat 8.1.1” fixlet so that it is labeled as Critical.

Thanks for pointing this out, and tell us if the update doesn’t show up for you.

Cheers!

Sam