Adobe Systems will activate a new updater tool for its user base when it releases a security update April 13 for Adobe Reader and Acrobat. The updater can be set to download security fixes for Windows users without any user interaction.
Systems is enabling a silent updating feature
in two products in an effort
to ensure that users are running the most secure versions of the company's
With the new updater, Windows users can configure Adobe Reader and Acrobat
to automatically download updates without user interaction. Right now,
users have the choice of handling the entire process manually or downloading
the updates automatically with user interaction being required before
On April 13, Adobe will turn the feature on for all users needing Reader and
Acrobat 9.3.2 and 8.2.2 on Windows and Mac computers. Mac owners,
however, will not be able to automate the entire process due to the
Mac's requirement that users provide a password before any software
installation, an Adobe spokesperson explained.
Adobe said it has no plans to force users to download the updates
automatically by default, and the April 13 updates will follow the
customer's current update settings found in Adobe Reader and Acrobat under
Driving the interest in updates is the growing use of Reader and Acrobat as
attack vectors. In McAfee's 2010
report (PDF), researchers speculated that there would be
more attacks targeting Adobe vulnerabilities than Microsoft in 2010.
"Using reliable 'heap spray-like' and other exploitation techniques,
malware writers have turned Adobe apps into a hot target," the report
said. "Further, Flash and Reader are among the most widely deployed
applications in the world, which provides a higher return on investment to
majority of attacks
we are seeing are exploiting software installations
that are not up-to-date with the latest security fixes," Steve Gottwals,
group product manager for Adobe Reader, noted in a blog post April 8. "We
therefore believe that the automatic update option is the best choice for most
Gottwals explained that the company had been testing the updater with select
customers since October, and used it during the company's quarterly updates
Jan. 12 and Feb. 16 on beta testers.
"This allowed us to test a variety of network configurations
encountered on the Internet in order to ensure a robust update experience,"
Gottwals wrote. "That
has been a successful one, and we've incorporated several
positive changes to the end-user experience and system operation. Now, we're
ready for the next phase of deployment."
Next week's update will include fixes for critical
affecting Reader 9.3.1 for Windows, Macintosh and Unix; Acrobat
9.3.1 for Windows and Macintosh; and Reader 8.2.1 and Acrobat 8.2.1 for Windows
and Macintosh. Further details on the vulnerabilities were not available.