The Adobe update resolves a range of critical updates in Adobe Reader and Adobe Acrobat. Vulnerabilities patched include a cross-site scripting flaw, a memory corruption vulnerability, and a font handling problem, all of which could lead to the execution of arbitrary code. Buffer and heap-based overflow flaws were fixed, along with several denial-of-service vulnerabilities.
"During our quarterly update on January 12, 2010, and then again for an out-of-cycle update on February 16, 2010, we exercised the new updater with our beta testers," said Adobe's Steve Gottwals in a blog post preceding the quarterly patch. "This allowed us to test a variety of network configurations encountered on the internet in order to ensure a robust update experience. That beta process has been a successful one, and we've incorporated several positive changes to the end-user experience and system operation. Now, we're ready for the next phase of deployment."
This Adobe update is the second quarterly patch issued by Adobe. Prior to January this year, Adobe patched its flaws without any particular schedule, making it more difficult for enterprise customers to monitor patches and maintain up-to-date software versions.
This latest Adobe quarterly patch fixed 15 security flaws. The last scheduled patch, in January, fixed eight vulnerabilities, while the out-of-band patch in February fixed three in all.