As you may know, Adobe shares Microsoft Patch Day. Today they released two security bulletins; one for Reader and Acrobat, and another for Robohelp. That said, these are pretty minor updates that won’t affect everyone.
The Reader and Acrobat update is probably the one you should pay closest attention to. However, it’s actually only an update for the newest version of Reader and Acrobat, called XI (11.0.0.4). The update doesn’t fix a new flaw, rather it fixes a regression of an old flaw. Reader XI reintroduced an issue with its javascript security controls. In short, if you have Reader X or lower, you’re fine. You only have to consider this update if you’re running the latest version.
The second Adobe update involves a more critical flaw, but only affects a product that few people use. Robohelp is a tool that allows people to create and publish web content for their products. It suffers from unspecified memory corruption vulnerability that attackers can leverage to remotely execute code. If you use Robohelp, this is a serious flaw, and you should update as soon as you can. However, I suspect few of my readers use Robohelp.
So to summarize, this month’s Adobe patch day is rather light, and involves limited products. If you happen to use the affected software, you should still update, but I’m guessing these issues will only affect a few of you. — Corey Nachreiner, CISSP (@SecAdept)