Carnegie Mellon University Website Home Page
 
Skip navigation and jump directly to page content
News
Security News Archives
2008
November
Security Alert - Virus Emails - You've received A Hallmark E-Card!
Security Alert - Critical Microsoft Security Update MS08-067 for Windows Users
Accounts
Network, Phone & TV
Software
Email & Calendar
Secure Your Computer
Clusters & Printing
Web Services
Classroom & Event Support
Training & Education
Technical Support & Services
Campus Partners
Information Security Office (ISO)

Security Alert: Adobe Reader & Acrobat 9 and Flash Player 10 Security Update

Who:  Windows, Mac & Linux Users

What:  Adobe Reader, Acrobat, and Flash Player vulnerability allows attackers to take control of your machine

When:  November 17, 2008

How:
Windows, Mac and Linux users running Adobe Reader and Acrobat 8.1.2 and older or Flash player 9.0.124.0 and older are vulnerable to exploits.  Without the security upgrade, an authorized attacker may take complete control of an affected system by convincing the user to open a maliciously crafted Portable Document Format (PDF) file or Flash file. The Adobe Reader & Acrobat vulnerabilities are actively being attacked through e-mail and malicious or compromised web sites.

If you suspect your computer has already been compromised, STOP! Read and follow Responding to a Compromised Computer.

If your computer is managed by a Carnegie Mellon departmental computing administrator, please consult that person before making any system changes.

What You Need To Do:

NOTE: You must login with an administrative account/password to complete steps marked with ***

  1. Upgrade to Adobe Reader 9***
    Download and install the latest version of Adobe Reader from Adobe Products - Reader.
  2. Upgrade to Adobe Flash Player 10***
    Download and install the latest version of Adobe Flash from Adobe Products - Flash Plyer.
  3. Repeat step 2 to update the Flash Player plug-in for each other web browser you use (i.e. Internet Explorer, Explorer, Firefox, Safari, etc...)
  4. Apply Adobe Acrobat 8.1.3 Professional, Standard, and 3D update. Download and install the update from Windows or Mac.

More Technical Information:

Visit US-CERT technical alert
http://www.us-cert.gov/cas/techalerts/TA08-309A.html

Visit Adobe Security Advisories for Adobe Reader and Acrobat
 http://www.adobe.com/support/security/bulletins/apsb08-19.html

Visit Adobe Security Advisories for Adobe Flash Player
http://www.adobe.com/support/security/bulletins/apsb08-18.html

Contact:
Please direct any questions or comments to the Computing Services Help Center at x8-HELP (4357) or advisor@andrew.cmu.edu, or to your departmental administrator or DSP consultant.