Adobe Still Offering Insecure Adobe Reader Version
If you are a Ghacks regular you have without doubt noticed that Adobe has published an update for Adobe Reader and Adobe Acrobat yesterday that fixes two security vulnerabilities that affect Adobe Reader and Acrobat 9.3 and earlier.
The update that has been released updates both products to version 9.3.1. One would think that this should have been the end of the story but it apparently is not.
The rather strange thing is that Adobe is still offering Adobe Reader 9.3.0 on their official download site, the version that the two security vulnerabilities have been detected in.
If you click on Get Adobe Reader on the official Adobe homepage you notice that they still offer Adobe Reader 9.3 and not the updated Adobe Reader 9.3.1. This in turn means that users who download Adobe Reader from Adobe install a software with known security vulnerabilities.
Adobe offers the security update for Adobe Reader 9.3.0 on a separate page that is not directly linked to the pdf reader on the official download page.
It is not clear why Adobe has not released version 9.3.1 of Adobe Reader as a standalone download or why they are not including information about the security update on the official download page.
The only option users have at this point is to install Adobe Reader 9.3.0 and then the security update to patch the pdf reader to version 9.3.1.
This is far from comfortable, and will leave some systems unpatched probably as a consequence.
Update: You can download the latest version of Adobe Reader, which is version 2015.016.20039 at the time of writing, from the Adobe website. This takes care of the security issues in Adobe reader 9.3.0. Adobe as of right now is offering the latest version of Adobe Reader on the website for download.Advertisement