Adobe Reader Blog
Stay up-to-date on Adobe Reader…

Author Archive

August 31, 2010

Adobe Reader for Android Now Available in Six Languages

Ici. Hier. Qui. Aquí. Hier. It’s here – today we added support for five additional languages for Adobe Reader for Android: French, German, Italian, Spanish and Dutch.

In this update (V9.0.2) Android phone users in these locales can now view and interact with PDF files in the language most convenient to them.

It’s easy and just a few clicks away to download (click from your Android device) this free update in your own language from your Android phone. Once the update is installed, Adobe Reader adopts the current language settings of your smart phone for any of the supported languages.

We hope today’s update will make mobile reading of PDF files that much more enjoyable for more of our users around the globe. We look forward to hearing your thoughts on the product and update: post your comments on this blog or on AcrobatUsers.com in the forums.

Happy mobile reading!

Aman Deep Nagpal, Senior Product Manager, Acrobat Solutions

Bookmark and Share
3:19 PM Permalink
July 27, 2010

Adobe Reader for Android Hits 1 Million Downloads

Today’s post is dedicated to our Adobe Reader for Android users who have been instrumental in building some great momentum since we launched the product just two months ago.

Just this week, Adobe Reader for Android reached the 1 million download mark in the Android Market. Also in that time period, Adobe Reader has received an average of four stars from over 4,000 users who have rated it to date. eWeek recently picked Adobe Reader as one of the Top 10 Apps Motorola Droid X owners should acquire at launch.

These milestones are just the beginning of an exciting journey of enabling users the ability to view PDF files on Android mobile devices. Based on user feedback, we released an update to Adobe Reader for Android earlier this month with performance enhancements and the ability to open PDF files from local storage on Android mobile devices. We look forward to further enhancing the product and providing you with a great user experience for viewing and working on PDF documents on mobile devices.

Let us know what you think about Adobe Reader for Android. Provide your feedback on the product either via comments on this blog or through the Adobe Reader user forums: http://forums.adobe.com/community/adobe_reader_forums/android.

If you haven’t downloaded and used Adobe Reader for Android yet, isn’t it time you joined the million other users who have?

Thank You!

Aman Deep Nagpal, Senior Product Manager, Acrobat Solutions Group

Bookmark and Share
3:26 PM Permalink
July 20, 2010

Adobe Reader Protected Mode

Adobe Reader is relied upon by hundreds of millions of individuals worldwide. We understand that with such wide usage comes responsibility, and protecting our end-users is a top priority. Over the last year, Adobe has publicly discussed a number of product security initiatives around Adobe Reader—starting with the May 2009 blog post by Brad Arkin, Adobe’s senior director of product security and privacy.

Today, Adobe is announcing the next major step in our Adobe Reader product security initiative—the development of Adobe Reader Protected Mode (in the technical community referred to as “sandboxing”). For additional details on this announcement, see today’s Adobe Security Software Engineering Team (ASSET) blog post by Brad Arkin.

Steve Gottwals, Group Product Manager, Adobe Reader

Bookmark and Share
4:20 PM Permalink
June 29, 2010

Adobe Reader and Acrobat 9.3.3 and 8.2.3

Today, we announced the availability of Adobe Reader and Acrobat 9.3.3 and 8.2.3. In addition to addressing CVE-2010-1297, referenced in Security Advisory APSA10-01, this accelerated quarterly Adobe Reader and Acrobat update resolves a number of responsibly disclosed vulnerabilities. For more information regarding the security details in these releases, please see Security Bulletin APSB10-15.

Schedule Change
As mentioned in the Adobe Secure Software Engineering Team (ASSET) blog post titled Background on APSA10-01 Patch Schedule, today’s security update for Adobe Reader and Acrobat represents an accelerated release of the quarterly security update originally scheduled for July 13, 2010. With this accelerated schedule, Adobe will not release additional updates for Adobe Reader and Acrobat on July 13, 2010. The next quarterly update is scheduled for October 12, 2010.

Adobe Download Center Changes are Coming
In the past, we delivered Adobe Reader updates as full installers or patches (for instance, 9.x = full installer, 9.x.y = patch). The Adobe Reader Download Center at http://get.adobe.com/reader always offers the most recent full installer of Adobe Reader, which is currently Adobe Reader 9.3. After installation, the Adobe Reader Updater will automatically check and offer the latest patches to keep end-users up-to-date (as of today, the latest patch is Adobe Reader 9.3.3).

We have been working on a new method of always offering the latest version, whether they be full installers or patches, of our most popular language/platform pairs on the Adobe Download Center. This change will make its debut as scheduled on July 13, 2010 (by offering Adobe Reader 9.3.3 for installation) and will become a standard operating procedure going forward. In addition, as always, the Adobe Reader Updater will continue to automatically check for new updates, or users can force an update to happen by selecting > Help > Check for Updates from the Adobe Reader menu.

Update on the New Updater
For our previous quarterly release on Tuesday, April 13, 2010, we activated the new Adobe Reader and Acrobat Updater for our user base. We have been very pleased with the results. When we compared the new updater against the older technology, we found that our users were much more likely to update using the new Adobe Reader Updater. Our data showed that the user population adopted the last update roughly three times faster than previous updates. This is an extremely important metric, since it greatly reduces the window of exposure available to attackers.

PDF “/Launch” Functionality Social Engineering Attack Update
In a previous blog post titled PDF /Launch Social Engineering Attack, I mentioned that Didier Stevens had demonstrated a social engineering attack, which relied on the “/launch” functionality as described in the PDF specification (ISO PDF 32000-1:2008) under section 12.6.4.5. Today’s update includes changes to resolve the misuse of this command. We added functionality to block any attempts to launch an executable or other harmful objects by default. We also altered the way the existing warning dialog works to thwart the known social engineering attacks.
If your organization relies on this capability, we recommend that the functionality be re-enabled.

We are Listening
Adobe Reader is relied upon by individuals, businesses and governments worldwide, and the security of our users continues to be a key priority for us. As part of our commitment, we continually listen to the feedback from our users and the community at large. That feedback is paramount, as we continue to develop new capabilities that strengthen the security of our products. So, please keep the feedback coming!

Steve Gottwals, Group Product Manager, Adobe Reader

Bookmark and Share
9:36 AM Permalink
June 7, 2010

Adobe Reader for Android and Your Feedback

It’s been two weeks since Adobe Reader for Android went live on the Android Market. To date, we’ve seen over 250,000 downloads and received a lot of great feedback from our end-users. We’re also getting some great questions regarding our thoughts concerning PDF and mobile environments. I thought I’d answer a few of those questions here.

Mobile Devices and Varying Screen Sizes
The expanding array of mobile devices are driving demand for new and better applications that enable customers to read and use PDF in the mobile environment. Adobe Reader for Android is our first version of Adobe Reader targeting the new wave of smartphone devices. In this first release, we focused on two major areas that we think differentiate Adobe Reader from other choices.

Performance
Mobile devices offer incredible opportunities, but they can also create interesting challenges as a result of limited resources and smaller screen sizes. We spent a lot of time making sure that the interaction with PDF documents was not only natural and easy, but also accurate with good performance. For instance, we tested Adobe Reader for Android against a wide variety of PDF documents and found that, on average, we successfully displayed the first page roughly twice as fast as other viewers. But, we also found that on some documents, the responsiveness of the application can lag a bit. Therefore, we are looking carefully at new ways of improving this.

Supporting the PDF Specification
The PDF specification is quite broad and includes many capabilities that address a wide range of document use cases. A key value proposition of any Adobe Reader is that it handles the fullest possible range of PDF for any given category of device or application. Given the limitations of the mobile environment, we can’t yet claim support for the full ISO 32000 specification, but we believe we support the broadest range of the spec for the most common use cases. We ran Adobe Reader for Android through our PDF test suite, which contains real-world PDF documents like annual reports, presentations, contracts, invoices and press releases. We found that other viewers did not support several common PDF features such as:

  • Transparencies: objects on a page, such as images or text that are transparent or ‘show through’, which is an extremely common way to create drop shadows for 3D effects seen in brochures and presentations
  • Smooth Shading: used to accurately describe gradient fills, which are common in PowerPoint presentation backgrounds, including many of the templates that ship with the product
  • Masked Images: images that have portions made transparent, which is common for GIF images within web pages, and subsequently the PDFs created from those web pages
  • JBIG2 and JPEG2000: Compression algorithms commonly used to optimize file size for scanned documents

While Adobe Reader for Android, rendered them successfully.

What’s Next?
Are we done? Absolutely not. In general, we believe Adobe Reader for Android offers a great PDF experience on smartphones, but our work is only beginning. PDF is an incredibly powerful standard, which allows for capabilities like dynamic media, interactive forms and digital signatures. Bringing those advanced technologies to mobile platforms will most certainly require new innovative designs, platform advancements and cloud services. One thing is for certain, your feedback is key. We’ve been very pleased with all the great thoughts so far. So, please keep it up. And, stay tuned, there’s a lot more coming!

Steve Gottwals, Group Product Manager, Adobe Reader

Bookmark and Share
2:30 PM Permalink
May 21, 2010

Introducing Adobe Reader for Android

On the heels of some cool Adobe news last week at Google I/O (The Engineering Behind Flash Player 10.1, Available Now: Developer Prerelease of AIR for Android and Flash Player 10.1 on Google TV), I am very pleased to announce that Adobe Reader for Android is available today in the Android Market. Whether you’re browsing the web, or reading an e-mail, you can now use Adobe Reader to access PDF files on your Android device – for free, of course. We hope you enjoy the new app, and we look forward to your feedback as you check it out. Interested in new features? Let us know; we’re already thinking of some ourselves. Anxious to see the product on other platforms? Stay tuned.

Features
Adobe Reader for Android offers multi-touch gestures, like pinch-and-zoom, as well as double-tap-zoom, flick-scrolling and panning. We’ve also added a “reflow” mode, which will take text-heavy documents with wide margins, and automatically wrap the content for easy viewing on smaller screens.

reader_for_android_page_view.png
Demo
For a look at the app in action, check out the video below.

Product FAQ
Adobe Reader for Android

System Requirements

  • Android v 2.1 and above
  • 550 MHz processor
  • 256 MB of RAM
  • 4.3 MB of available disk space
  • Currently Supported Devices: Motorola Droid, Motorola Milestone & Google Nexus One (While we have not yet tested against other Android devices, we expect they may also run the application just fine.)

Reading this on your PC?
Scan the barcode with your Android device to download.
reader_for_android.png
Reading this on your Android device?
Click here to download.

Steve Gottwals, Group Product Manager, Adobe Reader

Bookmark and Share
10:43 AM Permalink
April 8, 2010

Upcoming Adobe Reader and Acrobat 9.3.2 and 8.2.2 to be Delivered by New Updater

On Tuesday, April 13, 2010, we are planning to release Adobe Reader and Acrobat 9.3.2 and 8.2.2 as part of our regularly scheduled quarterly updates.

As mentioned in a previous blog post titled Adobe Reader and Acrobat Updates Include New Security Improvements, we have been testing a new updater technology with select beta customers since our October 13, 2009 quarterly update. The purpose of the new updater is to keep end-users up-to-date in a much more streamlined and automated way.

During our quarterly update on January 12, 2010, and then again for an out-of-cycle update on February 16, 2010, we exercised the new updater with our beta testers. This allowed us to test a variety of network configurations encountered on the Internet in order to ensure a robust update experience. That beta process has been a successful one, and we’ve incorporated several positive changes to the end-user experience and system operation. Now, we’re ready for the next phase of deployment.
On Tuesday, April 13, 2010, as part of our quarterly update, we will activate the new updater for all users needing Adobe Reader and Acrobat 9.3.2 and 8.2.2 for Windows and Macintosh. As of yesterday, April 7, 2010, we have been activating our new updater for those users who are not yet up-to-date with our latest versions. During this phase of the process, we are utilizing users’ current update setting found in the Adobe Reader and Acrobat Preferences, under the “Updater” panel, as shown in the screen captures below.

Updater Preferences for Windows

pref_win.jpg

Updater Preferences for Macintosh

pref_mac.jpg

The new updater has been optimized for each platform, and as you will notice, on Windows offers an option called “Automatically install updates.” With this option, to avoid disturbing the user, the new updater favors a time when the system is not busy to install new updates without user intervention.

Honoring the user’s choice is important to Adobe. This includes the user’s update preferences. Adobe has no plans to activate the automatic update option by default without prior user consent. That said, the security of our users is a key priority for Adobe. The majority of attacks we are seeing are exploiting software installations that are not up-to-date with the latest security fixes. We therefore believe that the automatic update option is the best choice for most end-users. We are currently evaluating options for the best long-term solution for users, which could involve presenting the user with an opt-in screen for the automatic update option as part of the next phase in the roll-out. As always, we will continue to communicate important details with you at the appropriate time.

Steve Gottwals, Group Product Manager, Adobe Reader

Bookmark and Share
9:34 AM Permalink
April 6, 2010

PDF “/Launch” Social Engineering Attack

Recently, Didier Stevens, a well-known security researcher, demonstrated a social engineering attack, which relies on the “/launch” functionality as described in the PDF specification (ISO PDF 32000-1:2008) under section 12.6.4.5. This is a good example of powerful functionality relied upon by some users that also carries potential risks when used incorrectly by others. The warning message provided in Adobe Reader and Acrobat includes strong wording advising users to only open and execute the file if it comes from a trusted source. Furthermore, the default option within the dialog is to not execute.

Adobe takes the security of our products and technologies very seriously; we are therefore always listening to and evaluating ways to allow end-users and administrators to better manage and configure features like this one to mitigate potential associated risks. We are currently researching the best approach for this functionality in Adobe Reader and Acrobat, which we could conceivably make available during one of the regularly scheduled quarterly product updates.

As we investigate this, users can use the following method to further mitigate against this risk. For consumers, open up the Preferences panel and click on “Trust Manager” in the left pane. Clear the check box “Allow opening of non-PDF file attachments with external applications” as shown below.

trust_mgr_pref.jpg

For administrators who wish to accomplish this with a registry setting on Windows, add the following DWORD value to:
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\Originals

Name: bAllowOpenFile
Type: REG_DWORD
Data: 0

Furthermore, an administrator can grey out the preference to keep end-users from turning this capability on, by adding the following DWORD value to: HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\Originals

Name: bSecureOpenFile
Type: REG_DWORD
Data: 1

Note: These samples assumed you were adding registry settings to Adobe Reader 9. For Adobe Acrobat, you would replace “Acrobat Reader” with “Adobe Acrobat”, and for a different version, you would substitute its value for “9.0″.

Steve Gottwals, Group Product Manager, Adobe Reader

Bookmark and Share
5:07 PM Permalink
January 12, 2010

Adobe Reader and Acrobat Version 9.3 and 8.2

Today, we announced the availability of Adobe Reader and Acrobat 9.3 and 8.2. For more information regarding the security details in these releases, please see Security Bulletin APSB10-02.

As mentioned in a previous blog post titled Adobe Reader and Acrobat Updates Include New Security Improvements, we have been shipping a new “beta” updater technology in a passive state since our October 13, 2009 quarterly update. The purpose of the new updater, once activated, is to keep end-users up-to-date in a much more streamlined and automated way. Today, we are testing the new updater with a subset of our end-users, who previously signed up for the beta program. This is the first time we’ve exercised the new updater with “official” updates, which allows us to test a variety of network configurations encountered on the Internet in order to ensure a robust update experience. Over the next few weeks, we will be analyzing the test results and will continue communicating important details with you, including when we expect it to be active for all users, which could be as soon as our next update.

We also talked about the introduction of the Adobe Reader and Acrobat JavaScript Blacklist Framework in that same blog post. The Framework provides customers granular control over the execution of specific JavaScript API calls. The purpose of the new JavaScript Blacklist Framework is to provide protection against attacks that target specific JavaScript API calls. As mentioned in Security Advisory- Adobe Reader and Acrobat, we were able to recommend this risk mitigation strategy during our recent zero-day exposure window. The JavaScript Blacklist Framework worked as planned and we had positive feedback from customers who were able to utilize the mitigation effectively.

As mentioned in Adobe Reader and Acrobat JavaScript Blacklist Framework Mitigation for Security Advisory – APSA09-07, if you deployed the mitigation to a “non-locked down” area, Adobe will automatically reset the Blacklist Framework with the 9.3 and 8.2 updates. But, if you deployed the registry key setting to a “locked down” area, then you will need to reset that value yourself.

Finally, as described in an earlier post, Adobe Reader and Acrobat Version 7 End of Support, support for Adobe Reader and Acrobat 7.x (as well as Adobe Reader UNIX 8.x) has ended, and Adobe strongly recommends updating to newer versions.

Steve Gottwals, Group Product Manager, Adobe Reader

Bookmark and Share
2:23 PM Permalink
December 11, 2009

Adobe Reader and Acrobat Version 7 End of Support

As stated in the Adobe Support Lifecycle Policy, Adobe provides five years of product support from the general availability date of Adobe Reader and Adobe Acrobat (Windows and Macintosh – Note: Adobe only supports the most recent major version of Adobe Reader for UNIX Version 9.x). In line with that policy, support for Adobe Reader 7.x and Adobe Acrobat 7.x will end on December 28, 2009.

End of Support
End of Support means that Adobe will no longer provide technical support or distribute runtimes, including product and/or security updates, for all derivatives of a product or product version (e.g. localized versions, minor upgrades, operating systems, dot and double-dot releases, and connector products).

Recommendation to Customers/Users
Adobe strongly recommends that customers update to the latest versions of Adobe Reader at: http://get.adobe.com/reader. By updating installations to the latest versions, customers benefit from the latest functional enhancements and improved security measures.

Special Considerations
Adobe recognizes that some organizations still require Adobe Reader 7 for use in controlled environments. Therefore, Adobe is providing a grace period of three months, until March 31, 2010, during which time Adobe Reader 7 will remain available for those customers from the Adobe Reader Download Center at: http://get.adobe.com/reader.

Additional Resources
For more information on the Adobe Support Lifecycle Policy, visit: http://www.adobe.com/support/products/enterprise/eol. For a complete list of Adobe products and technical support periods covered under the policy, visit: http://www.adobe.com/support/products/enterprise/eol/eol_matrix.html.
An Adobe Product Security Incident Response Team (PSIRT) blog post discussing the end of support for Adobe Reader 7.x and Adobe Acrobat 7.x can be found at: ttp://blogs.adobe.com/psirt/2009/10/second_quarterly_security_upda.html.

Bookmark and Share
4:17 PM Permalink