Adobe Reader Blog
Stay up-to-date on Adobe Reader…

Archive for June, 2010

June 29, 2010

Adobe Reader and Acrobat 9.3.3 and 8.2.3

Today, we announced the availability of Adobe Reader and Acrobat 9.3.3 and 8.2.3. In addition to addressing CVE-2010-1297, referenced in Security Advisory APSA10-01, this accelerated quarterly Adobe Reader and Acrobat update resolves a number of responsibly disclosed vulnerabilities. For more information regarding the security details in these releases, please see Security Bulletin APSB10-15.

Schedule Change
As mentioned in the Adobe Secure Software Engineering Team (ASSET) blog post titled Background on APSA10-01 Patch Schedule, today’s security update for Adobe Reader and Acrobat represents an accelerated release of the quarterly security update originally scheduled for July 13, 2010. With this accelerated schedule, Adobe will not release additional updates for Adobe Reader and Acrobat on July 13, 2010. The next quarterly update is scheduled for October 12, 2010.

Adobe Download Center Changes are Coming
In the past, we delivered Adobe Reader updates as full installers or patches (for instance, 9.x = full installer, 9.x.y = patch). The Adobe Reader Download Center at http://get.adobe.com/reader always offers the most recent full installer of Adobe Reader, which is currently Adobe Reader 9.3. After installation, the Adobe Reader Updater will automatically check and offer the latest patches to keep end-users up-to-date (as of today, the latest patch is Adobe Reader 9.3.3).

We have been working on a new method of always offering the latest version, whether they be full installers or patches, of our most popular language/platform pairs on the Adobe Download Center. This change will make its debut as scheduled on July 13, 2010 (by offering Adobe Reader 9.3.3 for installation) and will become a standard operating procedure going forward. In addition, as always, the Adobe Reader Updater will continue to automatically check for new updates, or users can force an update to happen by selecting > Help > Check for Updates from the Adobe Reader menu.

Update on the New Updater
For our previous quarterly release on Tuesday, April 13, 2010, we activated the new Adobe Reader and Acrobat Updater for our user base. We have been very pleased with the results. When we compared the new updater against the older technology, we found that our users were much more likely to update using the new Adobe Reader Updater. Our data showed that the user population adopted the last update roughly three times faster than previous updates. This is an extremely important metric, since it greatly reduces the window of exposure available to attackers.

PDF “/Launch” Functionality Social Engineering Attack Update
In a previous blog post titled PDF /Launch Social Engineering Attack, I mentioned that Didier Stevens had demonstrated a social engineering attack, which relied on the “/launch” functionality as described in the PDF specification (ISO PDF 32000-1:2008) under section 12.6.4.5. Today’s update includes changes to resolve the misuse of this command. We added functionality to block any attempts to launch an executable or other harmful objects by default. We also altered the way the existing warning dialog works to thwart the known social engineering attacks.
If your organization relies on this capability, we recommend that the functionality be re-enabled.

We are Listening
Adobe Reader is relied upon by individuals, businesses and governments worldwide, and the security of our users continues to be a key priority for us. As part of our commitment, we continually listen to the feedback from our users and the community at large. That feedback is paramount, as we continue to develop new capabilities that strengthen the security of our products. So, please keep the feedback coming!

Steve Gottwals, Group Product Manager, Adobe Reader

Bookmark and Share
9:36 AM Permalink
June 7, 2010

Adobe Reader for Android and Your Feedback

It’s been two weeks since Adobe Reader for Android went live on the Android Market. To date, we’ve seen over 250,000 downloads and received a lot of great feedback from our end-users. We’re also getting some great questions regarding our thoughts concerning PDF and mobile environments. I thought I’d answer a few of those questions here.

Mobile Devices and Varying Screen Sizes
The expanding array of mobile devices are driving demand for new and better applications that enable customers to read and use PDF in the mobile environment. Adobe Reader for Android is our first version of Adobe Reader targeting the new wave of smartphone devices. In this first release, we focused on two major areas that we think differentiate Adobe Reader from other choices.

Performance
Mobile devices offer incredible opportunities, but they can also create interesting challenges as a result of limited resources and smaller screen sizes. We spent a lot of time making sure that the interaction with PDF documents was not only natural and easy, but also accurate with good performance. For instance, we tested Adobe Reader for Android against a wide variety of PDF documents and found that, on average, we successfully displayed the first page roughly twice as fast as other viewers. But, we also found that on some documents, the responsiveness of the application can lag a bit. Therefore, we are looking carefully at new ways of improving this.

Supporting the PDF Specification
The PDF specification is quite broad and includes many capabilities that address a wide range of document use cases. A key value proposition of any Adobe Reader is that it handles the fullest possible range of PDF for any given category of device or application. Given the limitations of the mobile environment, we can’t yet claim support for the full ISO 32000 specification, but we believe we support the broadest range of the spec for the most common use cases. We ran Adobe Reader for Android through our PDF test suite, which contains real-world PDF documents like annual reports, presentations, contracts, invoices and press releases. We found that other viewers did not support several common PDF features such as:

  • Transparencies: objects on a page, such as images or text that are transparent or ‘show through’, which is an extremely common way to create drop shadows for 3D effects seen in brochures and presentations
  • Smooth Shading: used to accurately describe gradient fills, which are common in PowerPoint presentation backgrounds, including many of the templates that ship with the product
  • Masked Images: images that have portions made transparent, which is common for GIF images within web pages, and subsequently the PDFs created from those web pages
  • JBIG2 and JPEG2000: Compression algorithms commonly used to optimize file size for scanned documents

While Adobe Reader for Android, rendered them successfully.

What’s Next?
Are we done? Absolutely not. In general, we believe Adobe Reader for Android offers a great PDF experience on smartphones, but our work is only beginning. PDF is an incredibly powerful standard, which allows for capabilities like dynamic media, interactive forms and digital signatures. Bringing those advanced technologies to mobile platforms will most certainly require new innovative designs, platform advancements and cloud services. One thing is for certain, your feedback is key. We’ve been very pleased with all the great thoughts so far. So, please keep it up. And, stay tuned, there’s a lot more coming!

Steve Gottwals, Group Product Manager, Adobe Reader

Bookmark and Share
2:30 PM Permalink