Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.02) and earlier versions for Windows and Macintosh, and Adobe Reader 9.5.4 and earlier 9.x versions for Linux. You can update your system to the latest versions from the built-in updater or by downloading the patch from the Adobe website. IT professionals can get more details on the update and deploying it from the Enterprise Toolkit for Acrobat products.

For more details please review the official security bulletin.

Cyber attackers today are intent on not only stealing data, but also crashing systems, damaging reputations, or just simply showing off their hacking prowess. As a result, businesses, schools and government agencies have to spend more resources to battle those attacks. It’s not only expensive from an IT perspective, but also in the potential loss of trust in that organization by their customers and constituents. A recent survey by PWC found that 28.6% of respondents claim their company suffered financial loss due to a security breach incident. That’s a worrying statistic for sure.

Universally-accepted file types – including PDF, unfortunately – are one of many ways these hackers gain entry to systems by embedding malicious code into the files. So choosing a PDF software application that fully uses modern mitigation techniques to reduce risk is obviously important. To help you understand the risks and evaluate a vendor’s approach to security, we have recently updated and published the white paper PDF Application Security – How to minimize your risk. It’s available for free from Adobe’s web site.

The white paper contains results of independent third-­party testing on the entire Acrobat family of products, specifically related to security. Adobe Reader X and Adobe Acrobat X produced excellent results in security testing by implementing what security experts call a “defense-in-depth” approach within the software and as offered by the operating system. Adobe Reader XI and Adobe Acrobat XI have improved security and sandboxing even further, and Adobe continues to invest in security. This investment has helped reduce the need for out-­of-­cycle security updates. Note in the diagram below, Adobe Acrobat X only had two out-­of-­cycle security updates, while Adobe Acrobat 9 had seven. Deploying a software patch is a timely and expensive process, so we want to help IT professionals minimize those costs by reducing the number of out-of-cycle patches for the Adobe Acrobat family of products.

If you are considering PDF software based on the licensing cost, please be careful. The days of making software choices based on the quoted price alone – without thorough consideration of security – are long gone. You should be asking vendors about operating system mitigations built into their PDF software, processes in place for addressing security threats, and even how involved the vendor is with the broader security community. To get more details about all the ways the Adobe Acrobat family helps organizations do more with PDF, while also providing advanced security, lower costs, and easier software management, download and read the free white paper, PDF Application Security – How to minimize your risk.

UPDATE for FEBRUARY 20, 2013: Patches are now available for Adobe Reader and Acrobat XI for Windows and Macintosh, X for Windows and Macintosh, and 9 for Windows, Macintosh and Linux. Please refer to the Security Advisory section of the Adobe website as well as the Adobe PSIRT blog for details.

Adobe plans to make available updates for Adobe Reader and Acrobat XI (11.0.01 and earlier) for Windows and Macintosh, X (10.1.5 and earlier) for Windows and Macintosh, 9.5.3 and earlier 9.x versions for Windows and Macintosh, and Adobe Reader 9.5.3 and earlier 9.x versions for Linux during the week of February 18, 2013. Adobe will continue to provide updates on these issues via the Security Advisory section of the Adobe website as well as the Adobe PSIRT blog. Please refer to these resources for any details.

Remember floppy disks? What about cassette tapes? These two types of technology seem almost ancient, and something you might find in an antique store. Well move over floppy disks and cassette tapes and make some room for the fax machine! A large percentage of faxes are used to send a document with multiple signatures. What if these documents could be signed and exchanged electronically by each person?

Adobe Acrobat XI has full support for signing documents. Adobe EchoSign is an easy to use online service that allows you to instantly send, eSign, track and file documents securely. Recipients can sign right in their browser on virtually any connected device without downloading a plug-in or having to create an EchoSign account. Using these two products together gives you the ability to complete the entire process of signing documents electronically, and the final signed document can be viewed reliably by anyone with the free Adobe Reader.

It’s simple too!

Continue reading…

We released our “Patch Tuesday” update to Acrobat & Adobe Reader earlier this week.

For information on the security updates see Security Bulletin APSB13-02 for details.
For detailed Release Notes, please see the Enterprise Toolkit.

A few highlights to be aware of:

New Updater Mode Added to Acrobat XI for Windows
The Adobe Acrobat XI for Windows updater now has a fully-automated mode. As a reminder, “fully-automated” mode will regularly check for important updates, download them to your machine, and install them automatically. When finished, you will be alerted via a small message in the system tray that your software has been updated. This method is the recommended best practice for keeping Adobe Acrobat up-to-date and more secure given the fact that it does not require user intervention.

Handling Flash in 10.1.5
As mentioned in Three Common Adobe Reader and Acrobat Security Questions, unknown Flash will now be rendered by the system Flash Player (NPAPI version), when using Adobe Reader and Acrobat 10.1.5. Note: This has already been done for Reader and Acrobat 11. As stated before, this means that Adobe Reader/Acrobat users will no longer have to update Adobe Reader/Acrobat each time we update the Flash Player. This is particularly beneficial to customers in managed environments, because fewer updates means a lower cost of ownership, while maintaining a vigilant security posture.

And as a reminder, support for Adobe Acrobat 9.x will end on June 26, 2013.

Today, we announced the availability of Adobe Reader and Acrobat X (10.1.4) and 9.5.2. For more information regarding the security details in these releases, please see Security Bulletin APSB12-16. For detailed Release Notes, please see the Release Notes Library.

Steve Gottwals, Group Product Manager