Adobe working on new automatic (silent) updater
Sometime this month, Adobe will release the updater to beta users to test the effectiveness of silent patching. In effect, the tool gives end users an automatic download in the background and will install the updates with no user interaction option.
[ ALSO READ: Flash attack may as well have been zero-day ]
"They can download and then give them the choice to install it, or it can just notify – or you can turn it off completely. And so, by giving users these options, you know, people who have a well managed environment and they’ve got good reason for why they don’t want to install an update, Arkin said in a Q&A posted to Threatpost.com.
Studies have shown that silent updaters [without any user action] are the most effective way to ensure the widest possible distribution of security patches and Adobe is clearly hoping that this will speed up the distribution of its patches.
In the Threatpost Q&A, Arkin also addresses his team's incident response process and explains why it's near impossible to remove JavaScript support from PDF Reader, despite the known dangers associated with JavaScript.