Update to Security Bulletin (APSB17-24)

The Security Bulletin (APSB17-24) published on August 8 regarding updates for Adobe Acrobat and Reader has been updated to reflect the availability of new updates as of August 29.

The August 29 updates resolve a functional regression with XFA forms functionality that affected some users, as well as provide a resolution to security vulnerability CVE-2017-11223.  This CVE was originally addressed in the August 8 updates (versions 2017.012.20093, 2017.011.30059 and 2015.006.30352). Due to a functional regression in those releases, optional hotfixes [0,1,2] were offered to affected customers that temporarily reverted the fix for CVE-2017-11223. The August 29 releases resolve both the functional regression and provide a fix for CVE-2017-11223.

At this time, Adobe is not aware of exploits in the wild for CVE-2017-11223, or any of the other issues addressed in the August 8 or August 29 releases.


[0] Hotfix for 2017.012.20093

[1] Hotfix for 2017.011.30059

[2] Hotfix for 2015.006.30352

This posting is provided “AS IS” with no warranties and confers no rights.

via Adobe Product Security Incident Response Team (PSIRT) Blog http://ift.tt/KXW6Nh August 29, 2017 at 07:18PM