14 DAY TRIAL // Adobe has released a series of Security Updates for its Adobe Reader and Acrobat software, which fix a total of 13 critical bugs and which were made available on Tuesday. This represents the first step in what will be a quarterly update cycle for Adobe products. The updates were previously issued as the bugs were fixed and usually for only one version, leaving the others still vulnerable.
“Starting this summer with the initial output of our security code hardening effort, we plan to release security updates for all major supported versions and platforms of Adobe Reader and Acrobat on a quarterly basis. Based on feedback from our customers, who have processes and resources geared toward Microsoft’s “Patch Tuesday” security updates, we will make Adobe’s quarterly patches available on the same days,” wrote Brad Arkin, software engineer at Adobe.
The latest updates address a series of vulnerabilities that allowed attackers to potentially take control of the affected system by using specially designed .pdf files. The updates are available for Adobe Reader and Acrobat versions 7, 8 and 9 and the latest editions will be 7.1.3, 8.1.6 and 9.1.2. The Windows and Mac versions are available for now with the Unix ones coming next week.
Attacks exploiting vulnerabilities in file format containers aren't very widespread but they can be potentially very damaging leaving users open to attacks they might not normally expect. Adobe has focused its efforts concerning the security of its products and has had some internal changes as well as a new way of distributing the patches.
“Since February, Adobe Reader and Acrobat engineers have been executing a major project focused on software security. Everything from our security team’s communications during an incident to our security update process to the code itself has been carefully reviewed. Security is an ongoing process, so while we believe our plan will eliminate or mitigate many potential security risks, we are also working to enhance our ability to respond to externally found vulnerabilities in Adobe Reader and Acrobat in the future.” said a member of the Adobe Secure Software Engineering Team.