Adobe Systems is to activate a new updater tool that requires no user interaction, in next week’s security update for Adobe Reader and Acrobat
Users of Adobe Acrobat and Reader will have a new update tool after the security update on 13 April, which allows security fixes to be downloaded for Windows users without any user interaction.
Adobe Systems is enabling the silent updating feature in its two products in an effort to ensure that users are running the most secure versions of the company’s software.
With the new updater, Windows users can configure Adobe Reader and Acrobat to automatically download updates without user interaction. Right now, users have the choice of handling the entire process manually or downloading the updates automatically with user interaction being required before installation.
On 13 April, Adobe will turn the feature on for all users needing Reader and Acrobat 9.3.2 and 8.2.2 on Windows and Mac computers. Mac owners, however, will not be able to automate the entire process due to the Mac’s requirement that users provide a password before any software installation, an Adobe spokesperson explained.
Adobe said it has no plans to force users to download the updates automatically by default, and the 13 April updates will follow the customer’s current update settings found in Adobe Reader and Acrobat under Preferences.
Driving the interest in updates is the growing use of Reader and Acrobat as attack vectors. In McAfee’s 2010 Threat Predictions report (PDF), researchers speculated that there would be more attacks targeting Adobe vulnerabilities than Microsoft in 2010.
“Using reliable ‘heap spray-like’ and other exploitation techniques, malware writers have turned Adobe apps into a hot target,” the report said. “Further, Flash and Reader are among the most widely deployed applications in the world, which provides a higher return on investment to cyber-criminals.”
“The majority of attacks we are seeing are exploiting software installations that are not up-to-date with the latest security fixes,” Steve Gottwals, group product manager for Adobe Reader, noted in a blog post 8 April. “We therefore believe that the automatic update option is the best choice for most end users.”
Gottwals explained that the company had been testing the updater with select customers since October, and used it during the company’s quarterly updates 12 January and 16 February on beta testers.
“This allowed us to test a variety of network configurations encountered on the Internet in order to ensure a robust update experience,” Gottwals wrote. “That beta process has been a successful one, and we’ve incorporated several positive changes to the end-user experience and system operation. Now, we’re ready for the next phase of deployment.”
Next week’s update will include fixes for critical security issues affecting Reader 9.3.1 for Windows, Macintosh and Unix; Acrobat 9.3.1 for Windows and Macintosh; and Reader 8.2.1 and Acrobat 8.2.1 for Windows and Macintosh. Further details on the vulnerabilities were not available.