Adobe Critical Security Patch ComingAdobe Critical Security Patch Coming
The company plans to enable automatic updating without user intervention through a new software updater that comes with its security patch.
April 8, 2010
Adobe on Thursday said that it intends to release a critical security update for its Acrobat and Reader software next week, on Tuesday, April 13.
The company plans to address an undisclosed number of vulnerabilities in Adobe Reader 9.3.1 for Windows, Macintosh and UNIX, Adobe Acrobat 9.3.1 for Windows and Macintosh, and Adobe Reader 8.2.1 and Acrobat 8.2.1 for Windows and Macintosh.
A vulnerability identified last month in the ISO standard PDF specification, which can be used to trick users of PDF viewers like Adobe Reader and Foxit Reader into authorizing the execution an embedded executable, will not be addressed in next week's update.
"We are currently researching the best approach for this functionality in Adobe Reader and Acrobat, which we could conceivably make available during one of the regularly scheduled quarterly product updates," the company said on Tuesday.
The update will include an improved version of the software that Adobe uses to deliver its updates. The redesigned updater will give Windows users the option to automatically download and install Adobe updates. Macintosh users will continue to have to manually authorize the installation of updates that have been downloaded automatically.
"Adobe has no plans to activate the automatic update option by default without prior user consent," the company explained in an online post. "That said, the security of our users is a key priority for Adobe. The majority of attacks we are seeing are exploiting software installations that are not up-to-date with the latest security fixes. We therefore believe that the automatic update option is the best choice for most end-users."
A study published last year by Thomas Duebendorfer of Google Switzerland and Stefan Frei, then with the Swiss Federal Institute of Technology, found that the automatic, silent update mechanism used by Google Chrome provided better Web browser security that the update methods used in competing browsers that involved user notification and authorization.
Read more about:2010
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023