Adobe Reader Blog
Stay up-to-date on Adobe Reader…

Archive for October, 2009

October 13, 2009

Adobe Reader and Acrobat Updates Include New Security Improvements

Today, we announced the availability of Adobe Reader and Acrobat 9.2, 8.1.7 and 7.1.4. For more information regarding the security details in these releases, please see Security Bulletin APSB09-15.

In order to strengthen protections for customers using our products, we are constantly engaged in security improvement efforts. This includes better security controls within the product itself, as well as methods to rapidly protect end-users against quickly evolving threats by reducing the window of exposure to new vulnerabilities.

As of today, Adobe Reader and Acrobat 9.2 and 8.1.7 are shipping with a new “beta” updater technology, which will initially be in a passive state. We’re delivering it to end-users as part of today’s updates in this state so that we can enable a follow-on, invite-only, external beta program. Even though the new updater ships in a passive state, we have the ability to selectively activate it for end-users invited into the beta program, which will allow us to test a variety of network configurations encountered on the Internet in order to ensure a robust update experience. The purpose of the new updater, once it is active, is to keep end-users up-to-date in a much more streamlined and automated way. As beta testing progresses, we will continue to share pertinent details about the new updater with you, including when we expect it will be active for all users. If you are interested in joining the beta program, leave a comment on this blog post saying so.

Also added to the products, as of today’s Adobe Reader and Acrobat 9.2 and 8.1.7 updates, are two new changes in security user interface and control. We are moving more security awareness into the gold bar, which runs across the top of the document in the application chrome. In the past, if JavaScript had been disabled in the product, a dialog box would alert the end-user and provide further options. Now, when JavaScript is disabled, the gold bar will alert the end-user and provide further options. Our research has shown that this is a much friendlier and more effective way to interact with end-users on security matters. For more information, please see: CPS ID 50432.

Lastly, we have introduced the Adobe Reader and Acrobat JavaScript Blacklist Framework. The Framework gives customers granular control over the execution of specific JavaScript API calls. Its purpose is to allow Adobe to protect customers against attacks that target a specific JavaScript API call. When such an attack appears, end-users and administrators can add that JavaScript API call to the blacklist and block it from executing. Organizations can even block specific JavaScript API calls and keep their end-users from overriding that decision. For more information on the JavaScript Blacklist Framework, please see: CPS ID 50431.

11:30 AM