Adobe Critical Security Patch Coming

The company plans to enable automatic updating without user intervention through a new software updater that comes with its security patch.

Thomas Claburn, Editor at Large, Enterprise Mobility

April 8, 2010

2 Min Read

Adobe on Thursday said that it intends to release a critical security update for its Acrobat and Reader software next week, on Tuesday, April 13.

The company plans to address an undisclosed number of vulnerabilities in Adobe Reader 9.3.1 for Windows, Macintosh and UNIX, Adobe Acrobat 9.3.1 for Windows and Macintosh, and Adobe Reader 8.2.1 and Acrobat 8.2.1 for Windows and Macintosh.

A vulnerability identified last month in the ISO standard PDF specification, which can be used to trick users of PDF viewers like Adobe Reader and Foxit Reader into authorizing the execution an embedded executable, will not be addressed in next week's update.

"We are currently researching the best approach for this functionality in Adobe Reader and Acrobat, which we could conceivably make available during one of the regularly scheduled quarterly product updates," the company said on Tuesday.

The update will include an improved version of the software that Adobe uses to deliver its updates. The redesigned updater will give Windows users the option to automatically download and install Adobe updates. Macintosh users will continue to have to manually authorize the installation of updates that have been downloaded automatically.

"Adobe has no plans to activate the automatic update option by default without prior user consent," the company explained in an online post. "That said, the security of our users is a key priority for Adobe. The majority of attacks we are seeing are exploiting software installations that are not up-to-date with the latest security fixes. We therefore believe that the automatic update option is the best choice for most end-users."

A study published last year by Thomas Duebendorfer of Google Switzerland and Stefan Frei, then with the Swiss Federal Institute of Technology, found that the automatic, silent update mechanism used by Google Chrome provided better Web browser security that the update methods used in competing browsers that involved user notification and authorization.

Read more about:


About the Author(s)

Thomas Claburn

Editor at Large, Enterprise Mobility

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful master's degree in film production. He wrote the original treatment for 3DO's Killing Time, a short story that appeared in On Spec, and the screenplay for an independent film called The Hanged Man, which he would later direct. He's the author of a science fiction novel, Reflecting Fires, and a sadly neglected blog, Lot 49. His iPhone game, Blocfall, is available through the iTunes App Store. His wife is a talented jazz singer; he does not sing, which is for the best.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights