Adobe Reader Blog
Stay up-to-date on Adobe Reader…

October 13, 2009

Adobe Reader and Acrobat Updates Include New Security Improvements

Today, we announced the availability of Adobe Reader and Acrobat 9.2, 8.1.7 and 7.1.4. For more information regarding the security details in these releases, please see Security Bulletin APSB09-15.

In order to strengthen protections for customers using our products, we are constantly engaged in security improvement efforts. This includes better security controls within the product itself, as well as methods to rapidly protect end-users against quickly evolving threats by reducing the window of exposure to new vulnerabilities.

As of today, Adobe Reader and Acrobat 9.2 and 8.1.7 are shipping with a new “beta” updater technology, which will initially be in a passive state. We’re delivering it to end-users as part of today’s updates in this state so that we can enable a follow-on, invite-only, external beta program. Even though the new updater ships in a passive state, we have the ability to selectively activate it for end-users invited into the beta program, which will allow us to test a variety of network configurations encountered on the Internet in order to ensure a robust update experience. The purpose of the new updater, once it is active, is to keep end-users up-to-date in a much more streamlined and automated way. As beta testing progresses, we will continue to communicate pertinent details with you about the new updater, including when we expect it will be active for all users. If you are interested in joining the beta program, leave a comment to this blog post stating so.

Also added to the products, as of today’s Adobe Reader and Acrobat 9.2 and 8.1.7 updates, are two new changes in security user interface and control. We are moving more security awareness into the gold bar, which runs across the top of the document in the application chrome. In the past, if JavaScript had been disabled in the product, a dialog box would alert the end-user and provide further options. Now, when JavaScript is disabled, the gold bar will alert the end-user and provide further options. Our research has shown that this is a much friendlier and more effective way to interact with end-users on security matters. For more information, please see: CPS ID 50432.

Lastly, we have introduced the Adobe Reader and Acrobat JavaScript Blacklist Framework. The Framework provides customers granular control over the execution of specific JavaScript API calls. The purpose of the new JavaScript Blacklist Framework is to allow Adobe to protect customers against attacks that target a specific JavaScript API call. In this case, end-users and administrators can add that JavaScript API call to the blacklist, and block it from executing. Organizations can even block specific JavaScript API calls and keep their end-users from overriding that decision. For more information on the JavaScript Blacklist Framework, please see: CPS ID 50431.

Bookmark and Share

COMMENTS

  • By James Frederick - 5:37 PM on April 21, 2013  

    Having a hard time installing up dates.

    • By joiemikitson - 5:31 PM on April 22, 2013  

      Hi James, Can we help you with a specific issue you are having? Are you getting an error message? Which updates are you trying to install?

  • By Robin - 6:05 AM on June 7, 2013  

    I am getting a “New version available” notification, and am concerned that when checking it takes me to a 3rd party download, which then offers a range of unwanted add ons.

    Is this correct with the new version?

    • By joiemikitson - 4:51 PM on June 7, 2013  

      Hi Robin, Which third party download are you referencing? The most current version of Adobe Reader is 11.0.03.

  • By www.vbrotary.com - 10:40 AM on June 10, 2013  

    Hi there, just wanted to tell you, I liked this article. It was inspiring. Keep on posting!

    • By joiemikitson - 5:46 PM on June 10, 2013  

      Thanks!

  • By article design - 8:28 PM on June 14, 2013  

    I gotta bookmark this web site it seems invaluable very helpful.