The release of the recent Flash update has resulted in providing a template for attackers to exploit a 0day in Acrobat and Reader. Adobe's pre-announcement states they attend to make the update available February 16, 2010. 

Users should make sure that Preview.app is the default application for PDF files. There is very little reason to use Acrobat Reader for PDF files. In addition users should install Click to Flash which is available for Safari and Chrome. If you update to he latest Beta of Chrome you can install Extensions, one which we like is Flash Block which as the name suggest blocks Flash content.

The lesson is there is always residual and new risk in any update cycle, your process and policies should deal with this risk. Information Assurance is all about risk management.

Update on Tuesday, February 16, 2010 at 09:27PM by drStrangeP0rk

Good news everyone, Adobe has released an update to Acrobat Reader and Acrobat. Users should visit the following link or select check for updates under the Help menu in Reader/Acrobat.

http://www.adobe.com/support/security/bulletins/apsb10-07.html