Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Sponsored By
Adobe Critical Security Patch ComingAdobe Critical Security Patch Coming
The company plans to enable automatic updating without user intervention through a new software updater that comes with its security patch.
Thomas Claburn
April 8, 2010
2 Min Read
Adobe on Thursday said that it intends to release a critical security update for its Acrobat and Reader software next week, on Tuesday, April 13.
The company plans to address an undisclosed number of vulnerabilities in Adobe Reader 9.3.1 for Windows, Macintosh and UNIX, Adobe Acrobat 9.3.1 for Windows and Macintosh, and Adobe Reader 8.2.1 and Acrobat 8.2.1 for Windows and Macintosh.
A vulnerability identified last month in the ISO standard PDF specification, which can be used to trick users of PDF viewers like Adobe Reader and Foxit Reader into authorizing the execution an embedded executable, will not be addressed in next week's update.
"We are currently researching the best approach for this functionality in Adobe Reader and Acrobat, which we could conceivably make available during one of the regularly scheduled quarterly product updates," the company said on Tuesday.
The update will include an improved version of the software that Adobe uses to deliver its updates. The redesigned updater will give Windows users the option to automatically download and install Adobe updates. Macintosh users will continue to have to manually authorize the installation of updates that have been downloaded automatically.
"Adobe has no plans to activate the automatic update option by default without prior user consent," the company explained in an online post. "That said, the security of our users is a key priority for Adobe. The majority of attacks we are seeing are exploiting software installations that are not up-to-date with the latest security fixes. We therefore believe that the automatic update option is the best choice for most end-users."
A study published last year by Thomas Duebendorfer of Google Switzerland and Stefan Frei, then with the Swiss Federal Institute of Technology, found that the automatic, silent update mechanism used by Google Chrome provided better Web browser security that the update methods used in competing browsers that involved user notification and authorization.
Read more about:
2010About the Author(s)
You May Also Like
More Insights
Webinars
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication Methods
Oct 26, 2023Modern Supply Chain Security: Integrated, Interconnected, and Context-Driven
Nov 06, 2023How to Combat the Latest Cloud Security Threats
Nov 06, 2023Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and Phishing
Nov 01, 2023SecOps & DevSecOps in the Cloud
Nov 06, 2023
Events
