If you are a Ghacks regular you have without doubt noticed that Adobe has published an update for Adobe Reader and Adobe Acrobat yesterday that fixes two security vulnerabilities that affect Adobe Reader and Acrobat 9.3 and earlier.
The update that has been provided updates both products to version 9.3.1. One would think that this should have been the end of the story but it apparently is not.
The rather strange thing is that Adobe is still offering Adobe Reader 9.3.0 on their official download site, the version that the two security vulnerabilities have been detected in.
If you click on Get Adobe Reader on the official Adobe homepage you notice that they still offer Adobe Reader 9.3 and not the updated Adobe Reader 9.3.1. This in turn means that users who download Adobe Reader from Adobe install a software that has known security vulnerabilities.
Adobe offers the security update for Adobe Reader 9.3.0 on a separate page that is not directly linked to the pdf reader on the official download page.
It is not clear why Adobe has not released version 9.3.1 of Adobe Reader as a standalone download or why they are not including information about the security update on the official download page.
The only option users have at this point is to install Adobe Reader 9.3.0 and then the security update to patch the pdf reader to version 9.3.1.
Related Articles:
Adobe Offering Insecure Adobe Reader Version For Download, BewareAdobe Reader 9.3.2 Lite
Critical Adobe Reader Update
Adobe Reader 9.3.2 Security Update Released
Adobe Reader 9.4 Download Available
Enjoyed the article?: Then sign-up for our free newsletter or RSS feed to kick off your day with the latest technology news and tips, or share the article with your friends and contacts on Facebook, Twitter or Google+ using the icons below.
The best option is to put Adobe Reader out to pasture.
Thanks. I was looking for this as some systems I do not allow on the web to auto update.
For some reason, Adobe refuses to prepare a full installer package. It has bee widely criticized for offering just patches in the past. And they are still doing the same thing.
Yet another great reason to switch to Foxit pdf reader.
…or PDFXchange PDF viewer.
Too bad that, usualy, only tech minded people read sites like these and know about these alternatives. Average Joe ofcourse is completely unaware…
Typical Adobe behavior.
Thanks for the heads up, Martin.
I do not have Adobe Reader open PDF’s in my browser
and I do not permit it to connect to the internet
all of which I presume limits risk.
I use PDF-XChange Viewer for most everything
with the one exception of some books as
Adobe still has a slight edge on
font rendering over others.
Am not sure, but Adobe had a problem late last year (September or October time-frame), which was partially resolved with Adobe Reader 9.2, then further resolved with Adobe Reader 9.3. However, the Java interface problem (from late last year) wasn’t fixed. It is quite possible the Java interface is now OK, which would explain Adobe’s rush to issue Adobe Reader 9.3.1 prior to their regular update cycle (believe it is monthly) because it would make them look better, if I am correct in my thinking. By the way, Adobe did a quick re-issue of Flash Player 100452 at the same time, possibly for a similar reason (the Flash Player has the same number as one issued a few days earlier, but the file size is different).
People criticize Acrobat Reader as if no other pdf readers suffer security problems. Surely other readers that offer the same features have the same potential for security problems. I think alternative readers give a false sense of security to people.
I don’t really know if the alternative programs have security issues or not, I suppose some issues will only become apparent over time. Still, with Adobe I am annoyed that almost every other week there is another patch necessary and it feels like you are always behind the update curve.
I too have removed Adobe from all pc where I can use alternative readers.