Adobe Offering Insecure Adobe Reader Version For Download, Beware
Adobe just recently released updates to their pdf reader Adobe Reader, raising its version to 9.3.3. The update fixed several security issues of which at least one was actively exploited in the wild. Computer users who visit the Adobe website might notice that Adobe is not offering that version for download, anywhere on the page.
Instead they are still offering Adobe Reader 9.3 for download, a version that has been releases in January 2010, and updated three times since then to fix security vulnerabilities of which some are used in attacks.
This opens a can of worms and raises a question, how are Adobe Reader downloaders supposed to know that the version offered is not the latest? They apparently do not get that information on the Adobe Reader download page, nor are they informed about the insecure version on startup of the pdf reader.
Adobe seems to solely rely on the Adobe Reader and Acrobat Manager, Adobearm which is configured as a startup process to launch with the operating system. This in itself is problematic depending on the computer system. Adobe ARM does not get executed before the next startup, which means that systems that run 24/7 will be insecure for that time, unless the administrator updates the program manually.
It is also inefficient if the computer user decided to block the program from being started automatically with the operating system. That's highly understandable considering that Adobe does not provide local information about the startup item. A quick search on the Internet confirms the confusion as many users thought that the process was for ARM processors only.
Lastly, users who do not allow automatic updates on their system will also be left with an insecure version of Adobe Reader.
How to update Adobe Reader
There are two possibilities to update Adobe Reader. The first is to use the Help > Check For Updates option in the program itself. That's obviously only an option if the computer is connected to the Internet as it will query Adobe servers to retrieve the latest version.
The second option is to download the patches for Adobe Reader directly from the Adobe website.
Do you have Adobe Reader installed on your system? If so, which version is it?Advertisement