Network News

X My Profile
View More Activity

Adobe Issues Security Updates for Reader, Acrobat

Adobe Systems Inc. on Tuesday released security updates to remedy at least 13 security flaws in its PDF Reader and Acrobat software. Updates are available for Mac and Windows versions of both programs.

adob912.jpg

Last month, Adobe said it would begin rolling out security updates every three months, and yesterday was the first installment under that program, which is timed to coincide with Microsoft's Patch Tuesday in a bid to lighten the load on businesses that have to test these patches before deploying them.

The latest update brings both Reader and Acrobat to version 9.1.2. Users can grab the latest versions via the updater built-in to the programs (from the menu, click "Help," then "Check for Updates") or from the links in the accompanying security advisory for this rollup.. Adobe said security updates for Adobe Reader on the UNIX platform will be available on June 16, 2009.

By Brian Krebs  |  June 10, 2009; 1:30 PM ET
Categories:  New Patches  | Tags: acrobat, adobe reader  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Microsoft Issues Record Number of Security Updates
Next: Spear-Phishing Gang Resurfaces, Nets Big Catch

Comments

There was also a patch released to update Adobe Reader 8 to version 8.1.6

Posted by: bokamba | June 10, 2009 2:39 PM | Report abuse

How about telling us where we get the security updates? Or don't we get patches at all, but rather a new version of the Reader that contains the updates. It would be nice if you'd inform us, because Adobe certainly doesn't care to do so. I dare you to discover exactly which version you are downloading before you've installed it. Or should we update from within the program, perhaps? A basic piece of info, please.

Posted by: GordonDR | June 11, 2009 2:02 AM | Report abuse

I just use "Help / Check for Updates"

Posted by: moike | June 11, 2009 7:59 AM | Report abuse

I have two XP computers and two running Ubuntu 8.04. That so many security updates are needed for MS and some related products calls attention to the error-prone edifice MS built upon unix. A parallel is found amid many pharmaceuticals: marketing efficacy is far more important than treatment efficacy or, in regard to MS, marketing efficacy is far more important than minimum-error program designs. I turn on my XPs periodically so as to enjoy the hassle of installing all the fixes.

Posted by: TeresaBinstock | June 11, 2009 9:17 AM | Report abuse

Brian, I wrote in to one of your chats complaining about Adobe pushing insecure versions of Adobe Reader in the default download:

http://get.adobe.com/reader/

They're still doing this (the default is still 9.1.0).

They really deserve to be publicly ripped for this, by, say, a leading security expert who writes for a large newspaper.

As I said before, readers of Security Fix of course know to update their software after installing it. Not everyone does. Adobe's practice of deliberately pushing security flawed software needs to stop.

Posted by: burke2 | June 11, 2009 11:54 AM | Report abuse

Burke -- I actually followed up with Adobe on this a few days ago. Here was their response:

Adobe Reader 9.1.1 for Windows and Mac is a "patch" that requires Adobe Reader 9.1 (a full installer) to be present. This is the reason users are offered Adobe Reader 9.1 via the "Get Adobe Reader" page on our site. Once Adobe Reader 9.1 is installed, the Adobe Updater will subsequently offer the Adobe Reader 9.1.1 patch. Or, alternately, the end user can manually apply the patch via the Product updates section of our web site. For the Adobe Reader 9.1.1 patch for Windows, this page is located at: http://www.adobe.com/support/downloads/detail.jsp?ftpID=4452; for Mac, it is located at: http://www.adobe.com/support/downloads/detail.jsp?ftpID=4453. You'll see a note near the top of these two pages, as well as discussion in the Installation Instructions section of the pages, that covers the above.

Posted by: BTKrebs | June 11, 2009 12:19 PM | Report abuse

Brian,

Thanks; I appreciate your bugging Adobe about this.

But this is still a lousy security practice on their part. There's no reason that they can't offer 9.1.2 patches (for example) to people who have earlier versions installed, but push 9.1.2 as the default full product.

They're depending on people updating their software after installation instead of just giving them the most secure version to begin with. That's needlessly giving people an opportunity to use insecure software.

Posted by: burke2 | June 11, 2009 12:30 PM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company