Adobe began distributing the latest patched version of its Adobe Reader product directly from the official download site. The standard practice until now was to offer the installer for the last single-dot version and update it on first run. Because of its ubiquity, for the past several years Adobe Reader has been one of the preferred target of cyber criminals looking to infect users with malware. The flurry of zero-day remote code execution vulnerabilities discovered in the product has brought Adobe strong criticism from the information security community.
Studies have shown that the vast manjority of users fail to update software applications, leaving themselves exposed to attacks. And to make matters worse, Adobe's policy until two days ago involved distributing full installers only for single-dot versions, like 9.3, from its Download Center, despite the latest patched of the product being 9.3.3.
One year ago, the company explained that making double-dot versions available in the same manner it releases single-dot ones, would delay the release of critical security updates and actually increase the window of exposure for users. This is because over 70 installers for each language/platform pair would need to be generated and tested for each release, implying a much lengthier quality assurance process.
Since then, the developer has settled on a compromise and earlier this year announced that it will deliver double-dot releases as full installers, but only for the most popular language/platform pairs. For the Windows version this means English, German, Spanish, French and Japanese, for Linux, the same, but without Spanish, while for Mac only English-language installers are available.
Last year Adobe introduced a quarterly security update cycle for its Adobe Reader and Acrobat products, which means that these double-dot installers will be updated every four months if no out-of-band update is released. However, at the end of May, Brad Arkin, Adobe's director of product security and privacy, revealed that monthly security updates are currently being considered. It will be interesting to see how the company handles the full installer issue if that happens.
The latest Adobe Reader double-dot version for Windows can be downloaded from here.
The latest Adobe Reader double-dot version for MAC can be downloaded from here.
The latest Adobe Reader double-dot version for UNIX can be downloaded from here.
No comments:
Post a Comment