As expected, Adobe has released critical security bulletins for Adobe Flash, Air, Reader and Acrobat.

APSB11-05 was released yesterday addressing a vulnerability (CVE-2011-0609) that is currently being exploited in the wild.  It is important to address this vulnerability on your network as soon as possible.  This security bulletin affects Adobe Flash Player 10 and Adobe Air 2.5.

APSB11-06 was also released and addresses the same vulnerability in Adobe Reader and Acrobat.  According to Adobe, there are no reports of active attacks on this vulnerability.  However, this should be patched as soon as possible.  This security bulletin affects Adobe Reader/Acrobat 9.4.2 and Adobe Acrobat/Reader 10.0.1.

Now this is where it gets confusing for some people (including me).  Last week, Adobe announced the security bulletin for Adobe Reader 10 would be released in the next scheduled security release in June 2011.  If you read the bulletin page for APSB11-06, the article states:

“Adobe recommends users of Adobe Acrobat X (10.0.1) for Windows and Macintosh update to Adobe Acrobat X (10.0.2).”

Adobe is contradicting with this statement.  Keep an eye on Adobe Reader/Acrobat 10 to see if they actually update this vulnerability sooner than later.

- Jason Miller