Adobe Plugs 13 Security Holes in Critical Update
Adobe Systems embarks on a new schedule for security updates with 13 critical fixes in tow for Reader and Acrobat. In response to controversy, Adobe had pledged to issue quarterly updates and tighten its coding process during application development.Adobe Systems promised it was making changes to its security process, and June 9 it made good. The company issued the first of what will now be quarterly security updates for Adobe Acrobat and Reader, this time plugging 13 "critical" vulnerabilities in Windows and Macintosh versions of the programs.
In February, Adobe began reviewing legacy code as well as new code as part of its secure code development process. However, the security issues continued-two other bugs were subsequently found and patched, increasing criticism of the company. In May, the company announced a three-pronged strategy to improve security: enhanced incident response, quarterly patches and the aforementioned changes to the development process.
"I believe that the Adobe program of providing a predictable patch cycle will be helpful to the IT admin community," said Qualys CTO Wolfgang Kandek. "It will raise the visibility of the Adobe patches both on the IT admin and IT management side and will increase the attention paid to these vulnerabilities."