Adobe PDF silent updater, critical patch coming next Tuesday

Adobe PDF silent updater, critical patch coming next Tuesday

Summary: The patches will be released alongside a new automatic updater software that the company hopes will speed up the downloading and deployment of its security fixes.

SHARE:

Adobe today announced plans to ship a critical security patch next Tuesday (April 13, 2010) to fix multiple high-risk security holes in its Reader and Acrobat product lines.

The patches will be released alongside a new automatic updater software that the company hopes will speed up the downloading and deployment of its security fixes.   The security fixes in this Reader/Acrobat patch batch will apply to Windows, Macintosh and UNIX users.

[ SEE: Adobe working on new automatic (silent) updater ]

The new updater, which was first shipped in a passive state last October, will be turned on for all readers from next week to keep end-users up-to-date in a much more streamlined and automated way, according to Adobe's Steve Gottwals.follow Ryan Naraine on twitter

He said the new updater will be activated for all users needing Adobe Reader and Acrobat 9.3.2 and 8.2.2 for Windows and Macintosh.

By default, Adobe will use the current update setting found in the Adobe Reader and Acrobat Preferences, under the "Updater" panel.  For Windows users, this is what it looks like:

[ ALSO READ: Flash attack may as well have been zero-day ]

Gottwals explains the thinking behind the default settings:

The new updater has been optimized for each platform, and as you will notice, on Windows offers an option called "Automatically install updates." With this option, to avoid disturbing the user, the new updater favors a time when the system is not busy to install new updates without user intervention.

Studies have shown that silent updaters [without any user action] are the most effective way to ensure the widest possible distribution of security patches and Adobe is clearly hoping that this will speed up the distribution of its patches.

Topics: Security, Enterprise Software

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

12 comments
Log in or register to join the discussion
  • Will it work w/o Admin rights?

    The biggest issue I have with auto-updaters is that they require the user
    to have admin level privileges, something that most companies do not
    allow.

    So... Will this work on a standard user account in XP?
    Gritztastic
    • No

      [b] [/b]
      AzuMao
    • Admin rights

      Considering most of my PCs are restricted and locked down, auto-updater wont' work for us. Adobe should have thought about that.
      jakenned@...
  • RE: Adobe PDF silent updater, critical patch coming next Tuesday

    Seems nobody worries about the update servers being hacked?

    I gave up on Acrobat Reader a long time ago.
    wkulecz
    • How?

      [i]I gave up on Acrobat Reader a long time ago.[/i]

      Short of degaussing your hard drive, can you [i]really[/i] be sure you've removed one of Adobe's cra-.. er.. "products"?
      AzuMao
  • Oh, oh!

    Today I clicked "OK" on what purportedly was an Adobe update. Should I be worried?
    nbahn
    • Yes. Malicious PDFs can make the dialog say whatever they want, and you..

      ..only need to click "OK" for their payload to run.


      Might want to get a decent AV and scan. AVG is free and NOD32 has a trial.
      AzuMao
  • RE: Adobe PDF silent updater, critical patch coming next Tuesday

    One concern with this is that some of the patches for Acrobat are over 300 MB (full Acrobat - I don't know if that's true of Reader as well). But if the updater requires admin rights to install upgrades, it won't help most businesses much anyway.

    I was more enthused about recent speculation that Adobe might put their patches into WSUS, which would at least solve the admin rights problem. If Microsoft doesn't want to be responsible for another company's patches, they could put them in the Windows Catalog and let administrators download them into WSUS manually. IMO not pushing Adobe updates out to WSUS automatically would be sufficient to mitigate MS's potential responsibility.
    1DaveN
    • Adobe should learn to diff. 300 MBs for an update? Yuck!

      [b] [/b]
      AzuMao
  • RE: Adobe PDF silent updater, critical patch coming next Tuesday

    Can silent updater be configured for a specific time; 3 am?
    jakenned@...
  • RE: Adobe PDF silent updater, critical patch coming next Tuesday

    This still doesn't solve the problem. Adobe software is horrendously boated with too many unnecessary "features". All of this leads to more and more security holes.

    Adobe needs a complete rewrite of Adobe Reader. It should display PDF files and that's it. period. Nothing else.
    Bob_DaBoob
  • RE: Adobe PDF silent updater, critical patch coming next Tuesday

    Great!!! thanks for sharing this information to us!
    <a href="http://www.yuregininsesi.com">sesli sohbet</a> <a href="http://www.yuregininsesi.com">sesli chat</a>
    efsane