Adobe Offering Insecure Adobe Reader Version For Download, Beware Home Windows Linux Software Internet Explorer Firefox Chrome Opera Email Contact Advertise Adobe Offering Insecure Adobe Reader Version For Download, Beware Adobe just recently released updates to their pdf reader Adobe Reader, raising its version to 9.3.3. The update fixed several security issues of which at least one was actively exploited in the wild. Computer users who visit the Adobe website might notice that Adobe is not offering that version for download, anywhere on the page. Instead they are still offering Adobe Reader 9.3 for download, a version that has been releases in January 2010, and updated three times since then to fix security vulnerabilities of which some are used in attacks. adobe reader This opens a can of worms and raises a question, how are Adobe Reader downloaders supposed to know that the version offered is not the latest? They apparently do not get that information on the Adobe Reader download page, nor are they informed about the insecure version on startup of the pdf reader. Adobe seems to solely rely on the Adobe Reader and Acrobat Manager, Adobearm which is configured as a startup process to launch with the operating system. This in itself is problematic depending on the computer system. Adobe ARM does not get executed before the next startup, which means that systems that run 24/7 will be insecure for that time, unless the administrator updates the program manually. It is also inefficient if the computer user decided to block the program from being started automatically with the operating system. That s highly understandable considering that Adobe does not provide local information about the startup item. A quick search on the Internet confirms the confusion as many users thought that the process was for ARM processors only. Lastly, users who do not allow automatic updates on their system will also be left with an insecure version of Adobe Reader. How to update Adobe Reader There are two possibilities to update Adobe Reader. The first is to use the Help Check For Updates option in the program itself. That s obviously only an option if the computer is connected to the Internet as it will query Adobe servers to retrieve the latest version. adobe reader update The second option is to download the patches for Adobe Reader directly from the Adobe website. Adobe Reader 9.3.1 Windows , Mac (Intel), Mac , Unix Adobe Reader 9.3.2 Windows , Mac (Intel), Mac , Unix Adobe Reader 9.3.3 Windows , Mac (Intel), Mac , Unix Product Update Pages: Windows , Mac , Unix Do you have Adobe Reader installed on your system? If so, which version is it? Related Articles: Adobe Still Offering Insecure Adobe Reader Version Adobe Reader 9.4 Download Available Adobe Reader 9.3.2 Lite Adobe Reader 9.3.1 Lite Critical Adobe Reader Update Enjoyed the article? : Then sign-up for our free newsletter or RSS feed to kick off your day with the latest technology news and tips, or share the article with your friends and contacts on Facebook, Twitter or Google+ using the icons below. About the Author: Martin Brinkmann is a journalist from Germany who founded Ghacks Technology News Back in 2005. He is passionate about all things tech and knows the Internet and computers like the back of his hand.
You can follow Martin on Facebook or Twitter . Author: Martin Brinkmann , Saturday July 3, 2010 - Tags: adobe , adobe reader , adobearm.exe You are here: Home companies Adobe Adobe Offering Insecure Adobe Reader Version For Download, Beware Previous Post: The Times Paywall Is Up, No More Free Content Next Post: Combine Images With Sprite Sheet Packer Click on the following link(s) to read more about Adobe , Security Responses so far: Transcontinental says: July 3, 2010 at 11:34 am I m up to 9.3.3 at this time, but I would have thought until now that a patch included previous patch(es), that is, should have I had to reinstall Adobe Reader I would have installed the core 9.3.0 (installer) and then the patch 9.3.3, skipping patches 9.3.1 and 9.3.2 (thanks, Martin) Why does Adobe not recode a clean 9.3.3 installer ? Are they as lazy as Steve Jobs once pointed out ? This is a real pain. Reply Martin says: July 3, 2010 at 11:40 am Transcontinental, I thought about this for a while. I was not sure if the latest patch included the previous patches as well. I checked the download page and it states for Adobe Reader 9.3.3 Note: This is update can be applied to Adobe Reader 9.3.2 . (yes the spelling error is there on the page). This suggests to me that you need to download and install all three patches to bring Adobe Reader to version 9.3.3. No idea why they are handling it this way, it is not user friendly nor secure in my opinion. Reply Transcontinental says: July 3, 2010 at 11:51 am Yes and, cherry on the cake, I d apply the patches in their natural order (who knows if there aren t any back/forwards incompatibilities unless one is aware of the exact content of the problems patched ? not me !) Reply Jason says: July 3, 2010 at 2:25 pm Adobe has always done this. It s really annoying to download and install software just to have to update it immediately. Whether or not it s a good thing, the Adobe Updater has been getting more aggressive so it should update the software pretty quickly after having it installed. I wish they would serve up the latest version in the download and it looks like I m getting my way. Starting in 2 weeks, Adobe said they ll serve up the latest version as a download according to: http://blogs.adobe.com/adobereader/2010/06/adobe_reader_and_acrobat_933_a.html Reply DanTe says: July 3, 2010 at 5:48 pm Adobe does this deliberately. Because when someone installs a hacked version of an Adobe product it automatically gets locked whenever that someone runs an Adobe Update routine. It s their lazy way of locking our pirates :) Reply Martin says: July 3, 2010 at 5:54 pm I highly doubt that Dante, especially since Adobe Reader is a free program :) Imagine they would be doing it like Microsoft, allowing access to security patches even if you are running a cracked version. Reply DanTe says: July 3, 2010 at 6:21 pm Adobe Reader is free. But Adobe Acrobat (that can edit PDFs) and other Adobe products are not. And since the Reader is generally needed on most machines, the very fact that Reader requires online access to update will lock out any of the hacked Adobe products on the PC. I ve tested this out myself :) As stated in the past, I have the licensed versions of products I use, I just like hacks to block sending out my personal info. (i.e. after installing that very cheap Windows 7 Pro that I had learned about from your site, I promptly reformatted and installed the Windows 7 BIE hack.) The way around Adobe s update locking out the hacks is not to run the update routines, but manually download the patches to Reader and leave out the patches to the hacks. BobbyPhoenix says: July 3, 2010 at 10:40 pm I just downloaded the reader last night, and as soon as it finished installing, I received notice that an update was ready, so I downloaded the one with the security hole, but it patched it before I could even use the reader, so no harm done. Reply Martin says: July 3, 2010 at 10:51 pm Bobby then you had a resident program running in the background, maybe Adobe Download Manager or one of the other Adobe programs that are running in the background. Not everyone gets those or wants those. Reply Womble says: July 4, 2010 at 2:52 am If this wasn t enough, here is an article that makes interesting reading. http://www.theregister.co.uk/2010/07/02/win_app_security_defences/ Reply Brad Arkin says: July 7, 2010 at 6:32 pm The fully patched adobe reader v9.3.3 will be posted on July 13, 2010. I posted on this topic in April: http://blogs.adobe.com/asset/2010/04/an_update_on_staying_up-to-dat.html Brad Arkin Sr director, product security privacy Adobe systems Reply Leave a Reply Follow Ghacks Subscribe To Comment Rss Click here to cancel reply. Name Mail (will not be published) Website Notify me of followup comments via e-mail Subscribe without commenting E-Mail: Follow This Blog Ghacks Technology Newsletter Ghacks Daily Newsletter RSS Feeds Google+ Page ; Facebook Fan Page ; Twitter Recent Posts Reports of Dropbox-linked email address spam Current Version of the Google Update plugin: How to remove Firefox 14.0.1 available, Why there won t be a Firefox 14.0 release Dropbox Sharing: Now with turn off option Skype bug sends private messages to the wrong contacts Download the Office 15 Consumer Preview now Panda Cloud Antivirus 2.0 released Popular Articles Free Music Sites Gmail Tools Google Browser Jqs.exe Microsoft Windows Update Open Docx Rapidshare Search Watch TV with your PC Web Proxy Windows Backup Software Popular Searches Orkut Login Gmail Login Page Googleupdate.exe Facebook Login Gmail Sign In Microsoft Download Manager Internet Explorer 8 Download Gmail Login Plugin-container.exe Atiedxx.exe Hotmail login Topics Adobe Amazon Apple Facebook Microsoft Yahoo Games Gadgets Ghacks Google Hardware Notebooks Mobiles Google Android iPhone Nokia Music And Video Music Industry Networks Server Online Services Operating Systems P2P Search Engines Security The Web Troubleshooting Tutorials Web Development Links Everything Microsoft Ask VG Brothersoft Blog Dottech Connected Internet Freeware Genius One Tip A Day Raymond.cc About Ghacks Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular latest tech news sites on the Internet with five authors and regular contributions from freelance writers. Services Tech Search Archives Authors Martin Brinkmann Melanie Gross Mike Halsey Ryan D. Lang Jack Wallen © 2005-2012 Ghacks.net. All Rights Reserved. Privacy Policy - About Us
source
Комментариев нет:
Отправить комментарий