Adobe Reader 9.1 is available.

Download:
http://download.adobe.com/pub/adobe/...r910_en_US.exe
(English version)
Other languages: ftp://ftp.adobe.com/pub/adobe/reader/win/9.x/9.1/
(click on the appropriate language to get to the download link)


No details are currently available about the nature of this update, but
most likely it fixes the recent security vulnerability
(http://www.adobe.com/support/securit...apsa09-01.html).

Pat Willener wrote:
> Adobe Reader 9.1 is available.
>
> Download:
> http://download.adobe.com/pub/adobe/...r910_en_US.exe
> (English version)
> Other languages: ftp://ftp.adobe.com/pub/adobe/reader/win/9.x/9.1/
> (click on the appropriate language to get to the download link)
>
>
> No details are currently available about the nature of this update, but
> most likely it fixes the recent security vulnerability
> (http://www.adobe.com/support/securit...apsa09-01.html).

Thanks, Pat

Uninstalled previous build and re-booted just to be sure I had a clean install.
<rant>
Huge install for third-party software !
Clueless users or the unaware *will* get the Google Toolbar !
</rant>


--
Randy
<http://msmvps.com/blogs/siljaline/default.aspx>

aren't they suppose to be issuing the patch for adobe 9/8 on march 12th?
I guess we have to wait and see
robin


"Randy Knobloch" <(E-Mail Removed)> wrote in message
news:#(E-Mail Removed)...
> Pat Willener wrote:
>> Adobe Reader 9.1 is available.
>>
>> Download:
>> http://download.adobe.com/pub/adobe/...r910_en_US.exe
>> (English version)
>> Other languages: ftp://ftp.adobe.com/pub/adobe/reader/win/9.x/9.1/
>> (click on the appropriate language to get to the download link)
>>
>>
>> No details are currently available about the nature of this update, but
>> most likely it fixes the recent security vulnerability
>> (http://www.adobe.com/support/securit...apsa09-01.html).
>
> Thanks, Pat
>
> Uninstalled previous build and re-booted just to be sure I had a clean
> install.
> <rant>
> Huge install for third-party software !
> Clueless users or the unaware *will* get the Google Toolbar !
> </rant>
>
>
> --
> Randy
> <http://msmvps.com/blogs/siljaline/default.aspx>
>
>

robinb wrote:
> aren't they suppose to be issuing the patch for adobe 9/8 on march 12th?
> I guess we have to wait and see

The patch-update was scheduled for today, Robin.
See advisory as Pat had originally posted >
<http://www.adobe.com/support/security/advisories/apsa09-01.html>

--
Randy
<http://msmvps.com/blogs/siljaline/default.aspx>

See the new Security Bulletin regarding the details of 9.1, as well as
the schedule for 8.x and 7.x:

http://www.adobe.com/support/securit...apsb09-03.html

robinb wrote:
> aren't they suppose to be issuing the patch for adobe 9/8 on march 12th?
> I guess we have to wait and see
> robin
>
>
> "Randy Knobloch" <(E-Mail Removed)> wrote in message
> news:#(E-Mail Removed)...
>> Pat Willener wrote:
>>> Adobe Reader 9.1 is available.
>>>
>>> Download:
>>> http://download.adobe.com/pub/adobe/...r910_en_US.exe
>>> (English version)
>>> Other languages: ftp://ftp.adobe.com/pub/adobe/reader/win/9.x/9.1/
>>> (click on the appropriate language to get to the download link)
>>>
>>>
>>> No details are currently available about the nature of this update, but
>>> most likely it fixes the recent security vulnerability
>>> (http://www.adobe.com/support/securit...apsa09-01.html).
>> Thanks, Pat
>>
>> Uninstalled previous build and re-booted just to be sure I had a clean
>> install.
>> <rant>
>> Huge install for third-party software !
>> Clueless users or the unaware *will* get the Google Toolbar !
>> </rant>

Pat Willener wrote:
> See the new Security Bulletin regarding the details of 9.1, as well as
> the schedule for 8.x and 7.x:
>
> http://www.adobe.com/support/securit...apsb09-03.html

Thanks, Pat - nice to hear from the horse's mouth at last.


--
Randy
<http://msmvps.com/blogs/siljaline/default.aspx>

"Dave M" <dpmoELEVENerATnetscapeDOTnet> wrote in message
news:(E-Mail Removed)...
> Pat Willener wrote:
>> See the new Security Bulletin regarding the details of 9.1, as well as
>> the schedule for 8.x and 7.x:
>>
>> http://www.adobe.com/support/securit...apsb09-03.html
>>
>> robinb wrote:
>>> aren't they suppose to be issuing the patch for adobe 9/8 on march
>>> 12th? I guess we have to wait and see
>>> robin
>>>
>>>
>>> "Randy Knobloch" <(E-Mail Removed)> wrote in message
>>> news:#(E-Mail Removed)...
>>>> Pat Willener wrote:
>>>>> Adobe Reader 9.1 is available.
>>>>>
>>>>> Download:
>>>>> http://download.adobe.com/pub/adobe/...r910_en_US.exe
>>>>> (English version)
>>>>> Other languages: ftp://ftp.adobe.com/pub/adobe/reader/win/9.x/9.1/
>>>>> (click on the appropriate language to get to the download link)
>>>>>
>>>>>
>>>>> No details are currently available about the nature of this
>>>>> update, but most likely it fixes the recent security vulnerability
>>>>> (http://www.adobe.com/support/securit...apsa09-01.html).
>>>>> Thanks, Pat
>>>>
>>>> Uninstalled previous build and re-booted just to be sure I had a
>>>> clean install.
>>>> <rant>
>>>> Huge install for third-party software !
>>>> Clueless users or the unaware *will* get the Google Toolbar !
>>>> </rant>
>

> Anyone else besides me wondering if it's safe to turn on JavaScript in
> Adobe Reader again after this update?

Hi Dave,

If you've installed Adobe Reader version 9.1 you shouldn't have any
reservations about turning JavaScript back on.

http://www.adobe.com/support/securit...apsa09-01.html
Vulnerability identifier: APSA09-01
CVE number: CVE-2009-0658
"Buffer overflow issue in versions 9.0 and earlier of Adobe Reader and
Acrobat"

Adobe Reader version 9.1 resolves the security issue detailed above CVE
number: CVE-2009-0658
http://blogs.adobe.com/psirt/

Good luck,

Donald Anadell


>
> "Reports have been published that disabling JavaScript in Adobe Reader and
> Acrobat can protect users from this issue. Disabling JavaScript provides
> protection against currently known attacks. However, the vulnerability is
> not in the scripting engine and, therefore, disabling JavaScript does not
> eliminate all risk. Should users choose to disable JavaScript, it can be
> accomplished following the instructions below:
> 1.. Launch Acrobat or Adobe Reader.
> 2.. Select Edit>Preferences
> 3.. Select the JavaScript Category
> 4.. Uncheck the 'Enable Acrobat JavaScript' option
> 5.. Click OK "
> - http://www.adobe.com/support/securit...apsa09-01.html
>
> _
>
> Regards, Dave
>
>
>

So at about the time you posted this, I'd just completed patching my
collection of machines for the Microsoft patches.

I sure wish I'd had this one before I began that process--because it is on
every one of them, of course!

My understanding is that this does fix the outstanding security
vulnerability, so everyone using Adobe Reader should watch for updates for
their versions and apply them.

I believe Adobe has said that other versions will be patched by the 18th or
so...


"Pat Willener" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Adobe Reader 9.1 is available.
>
> Download:
> http://download.adobe.com/pub/adobe/...r910_en_US.exe
> (English version)
> Other languages: ftp://ftp.adobe.com/pub/adobe/reader/win/9.x/9.1/ (click
> on the appropriate language to get to the download link)
>
>
> No details are currently available about the nature of this update, but
> most likely it fixes the recent security vulnerability
> (http://www.adobe.com/support/securit...apsa09-01.html).


--

two thoughts:

1) there were later reports that indicated that simply turning javascript
off DID NOT mitigate this vulnerability.
2) If you don't need it on, turning it off shouldn't hurt anything. OTOH,
issues like this tend to result in perplexity when you DO need javascript
and have no idea why something is failing, months later.


"Dave M" <dpmoELEVENerATnetscapeDOTnet> wrote in message
news:(E-Mail Removed)...
> Pat Willener wrote:
>> See the new Security Bulletin regarding the details of 9.1, as well as
>> the schedule for 8.x and 7.x:
>>
>> http://www.adobe.com/support/securit...apsb09-03.html
>>
>> robinb wrote:
>>> aren't they suppose to be issuing the patch for adobe 9/8 on march
>>> 12th? I guess we have to wait and see
>>> robin
>>>
>>>
>>> "Randy Knobloch" <(E-Mail Removed)> wrote in message
>>> news:#(E-Mail Removed)...
>>>> Pat Willener wrote:
>>>>> Adobe Reader 9.1 is available.
>>>>>
>>>>> Download:
>>>>> http://download.adobe.com/pub/adobe/...r910_en_US.exe
>>>>> (English version)
>>>>> Other languages: ftp://ftp.adobe.com/pub/adobe/reader/win/9.x/9.1/
>>>>> (click on the appropriate language to get to the download link)
>>>>>
>>>>>
>>>>> No details are currently available about the nature of this
>>>>> update, but most likely it fixes the recent security vulnerability
>>>>> (http://www.adobe.com/support/securit...apsa09-01.html).
>>>>> Thanks, Pat
>>>>
>>>> Uninstalled previous build and re-booted just to be sure I had a
>>>> clean install.
>>>> <rant>
>>>> Huge install for third-party software !
>>>> Clueless users or the unaware *will* get the Google Toolbar !
>>>> </rant>
>
> Anyone else besides me wondering if it's safe to turn on JavaScript in
> Adobe Reader again after this update?
>
> "Reports have been published that disabling JavaScript in Adobe Reader and
> Acrobat can protect users from this issue. Disabling JavaScript provides
> protection against currently known attacks. However, the vulnerability is
> not in the scripting engine and, therefore, disabling JavaScript does not
> eliminate all risk. Should users choose to disable JavaScript, it can be
> accomplished following the instructions below:
> 1.. Launch Acrobat or Adobe Reader.
> 2.. Select Edit>Preferences
> 3.. Select the JavaScript Category
> 4.. Uncheck the 'Enable Acrobat JavaScript' option
> 5.. Click OK "
> - http://www.adobe.com/support/securit...apsa09-01.html
>
> _
>
> Regards, Dave
>
>
>


--

Adobe Acrobat and Reader 9.1 Release Notes:

http://www.adobe.com/go/kb408814

Pat Willener wrote:
> Adobe Reader 9.1 is available.
>
> Download:
> http://download.adobe.com/pub/adobe/...r910_en_US.exe
> (English version)
> Other languages: ftp://ftp.adobe.com/pub/adobe/reader/win/9.x/9.1/
> (click on the appropriate language to get to the download link)
>
>
> No details are currently available about the nature of this update, but
> most likely it fixes the recent security vulnerability
> (http://www.adobe.com/support/securit...apsa09-01.html).