On Tuesday April 13th it’s not only the regular appointment for system administrators around the world to expect the latest bunch of monthly security updates from Microsoft, it will also be time for a scheduled quarterly update from Adobe for its reader and Acrobat products.
Adobe says that its upcoming update to Adobe Reader and Acrobat 9.3.2 and 8.2.2 will utilise its new updater technology on Windows and Mac – previously only enabled for selected beta-testers.
Windows users will find an option to “Automatically install updates” on their Preferences/Updater tab. Alternatively they can select “Automatically download updates, but let me choose when to install them” or “Do not download or install updates automatically” (These last two options are the only choices presently available on the Mac version).
Adobe’s Steve Gottwals describes the new updating feature as a demonstration that user security is a key priority for the company. It is hoped that in the future Adobe’s PDF-handling software will include a screen prompting end-users to select auto-update to ensure further updates occur automatically behind the scenes.
The majority of attacks we are seeing are exploiting software installations that are not up-to-date with the latest security fixes. We therefore believe that the automatic update option is the best choice for most end-users. We are currently evaluating options for the best long-term solution for users, which could involve presenting the user with an opt-in screen for the automatic update option as part of the next phase in the roll-out.
Chances are that these new update preferences will be more eagerly welcomed amongst home users than corporations – as firms often wish to test security updates before rolling them out across their entire organisation.
But the security community as a whole should probably give this new Adobe feature a thumbs-up – if the new feature works as advertised it sounds like it will definitely be a step in the right direction. Let us hope that more of Adobe’s customers will do a better job of keeping their systems up-to-date as a result of this enhancement.
It’s also of note that there is no news yet of an auto-updating facility for Flash – another Adobe technology that is frequently exploited by hackers. Lets hope that that isn’t too far away.
Although Tuesday’s Adobe updates will resolve critical security issues in its Acrobat and Reader products, it is not yet known if the currently high profile PDF /Launch security hole will be amongst them.