Adobe Still Offering Insecure Adobe Reader Version

Martin Brinkmann
Feb 18, 2010
Updated • Jul 5, 2016
Software
|
11

If you are a Ghacks regular you have without doubt noticed that Adobe has published an update for Adobe Reader and Adobe Acrobat yesterday that fixes two security vulnerabilities that affect Adobe Reader and Acrobat 9.3 and earlier.

The update that has been released updates both products to version 9.3.1. One would think that this should have been the end of the story but it apparently is not.

The rather strange thing is that Adobe is still offering Adobe Reader 9.3.0 on their official download site, the version that the two security vulnerabilities have been detected in.

If you click on Get Adobe Reader on the official Adobe homepage you notice that they still offer Adobe Reader 9.3 and not the updated Adobe Reader 9.3.1. This in turn means that users who download Adobe Reader from Adobe install a software with known security vulnerabilities.

Adobe offers the security update for Adobe Reader 9.3.0 on a separate page that is not directly linked to the pdf reader on the official download page.

It is not clear why Adobe has not released version 9.3.1 of Adobe Reader as a standalone download or why they are not including information about the security update on the official download page.

The only option users have at this point is to install Adobe Reader 9.3.0 and then the security update to patch the pdf reader to version 9.3.1.

This is far from comfortable, and will leave some systems unpatched probably as a consequence.

Update: You can download the latest version of Adobe Reader, which is version 2015.016.20039 at the time of writing, from the Adobe website. This takes care of the security issues in Adobe reader 9.3.0. Adobe as of right now is offering the latest version of Adobe Reader on the website for download.

Summary
Article Name
Adobe Still Offering Insecure Adobe Reader Version
Description
Adobe offers Adobe Reader and Acrobat 9.3.0 on its download site, an insecure version, while it has released a patch to version 9.3.1 already.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. tom said on February 19, 2010 at 9:32 am
    Reply

    I don’t really know if the alternative programs have security issues or not, I suppose some issues will only become apparent over time. Still, with Adobe I am annoyed that almost every other week there is another patch necessary and it feels like you are always behind the update curve.
    I too have removed Adobe from all pc where I can use alternative readers.

  2. mule said on February 18, 2010 at 11:28 pm
    Reply

    People criticize Acrobat Reader as if no other pdf readers suffer security problems. Surely other readers that offer the same features have the same potential for security problems. I think alternative readers give a false sense of security to people.

  3. subgrampus said on February 18, 2010 at 10:50 pm
    Reply

    Am not sure, but Adobe had a problem late last year (September or October time-frame), which was partially resolved with Adobe Reader 9.2, then further resolved with Adobe Reader 9.3. However, the Java interface problem (from late last year) wasn’t fixed. It is quite possible the Java interface is now OK, which would explain Adobe’s rush to issue Adobe Reader 9.3.1 prior to their regular update cycle (believe it is monthly) because it would make them look better, if I am correct in my thinking. By the way, Adobe did a quick re-issue of Flash Player 100452 at the same time, possibly for a similar reason (the Flash Player has the same number as one issued a few days earlier, but the file size is different).

  4. Robert Palmar said on February 18, 2010 at 9:48 pm
    Reply

    Typical Adobe behavior.
    Thanks for the heads up, Martin.

    I do not have Adobe Reader open PDF’s in my browser
    and I do not permit it to connect to the internet
    all of which I presume limits risk.

    I use PDF-XChange Viewer for most everything
    with the one exception of some books as
    Adobe still has a slight edge on
    font rendering over others.

  5. rvdmast said on February 18, 2010 at 9:38 pm
    Reply

    …or PDFXchange PDF viewer.
    Too bad that, usualy, only tech minded people read sites like these and know about these alternatives. Average Joe ofcourse is completely unaware…

  6. dwarf_toss said on February 18, 2010 at 7:42 pm
    Reply

    Yet another great reason to switch to Foxit pdf reader.

  7. passerby said on February 18, 2010 at 6:20 pm
    Reply

    For some reason, Adobe refuses to prepare a full installer package. It has bee widely criticized for offering just patches in the past. And they are still doing the same thing.

  8. DanTe said on February 18, 2010 at 3:33 pm
    Reply

    Thanks. I was looking for this as some systems I do not allow on the web to auto update.

  9. Mike J said on February 18, 2010 at 2:31 pm
    Reply

    The best option is to put Adobe Reader out to pasture.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.