Just last night, we announced the availability of updates to both Adobe Acrobat and Reader, bringing them up to version 10.1. Along with a significant list of vulnerability mitigations, these updates also bring with them substantial changes to the secure operation of Acrobat on Windows, and to the digital signature functionality across platforms.
First, Acrobat 10.1 on Windows now features the same Protected Mode operation as Adobe Reader X, protecting users from malicious PDFs. Additional information on Acrobat’s implementation of sandboxing is available on the Adobe Secure Software Engineering Team’s (ASSET) blog. For those savvy in digital signatures, note that Protected Mode (on both Acrobat and Reader) may impair the installation of PKCS#11-based tokens. Refer to the simple instructions here for a workaround.
And if you’re like me and love the nitty-gritty details of digital signatures, you’ll probably appreciate the other signature-specific changes in 10.1…
- IdenTrust certificates with a SHA256 hash will now be accepted. Prior to this release, Acrobat and Reader enforced SHA1 usage.
- Signing and validation times are now presented in a clearer fashion. (Click any of the thumbnails to magnify)
Signature Properties in Acrobat X, pre-10.1 update
Signature Properties in Acrobat X after 10.1 update. Note the use of ‘Signing Time’ and additional details relating to the embedded timestamp and the validation time.
- OCSP responses without NextUpdate are now embedded in signatures as part of Acrobat and Reader’s ability to support long-term validation. However, how they are used in validation depends on certain conditions.
- Prior to 10.1, signed or certified PDF portfolios required a user to open the cover sheet to see the signature and its status. With this latest release, signature status can now be easily viewed when opening the PDF portfolio.
Pre-10.1 update. Note that there is no immediate notice of the signature status for this portfolio in the default view. Users need to open the cover page.
Displaying a signed PDF Portfolio, post 10.1 update. Note the signature status ‘badge’ in the toolbar at the top of the screen. Clicking this opens the cover page so users can get more information on the signature.
Always be sure to update your copies of Reader, Acrobat and Flash for optimum security, performance, and features.
The full release notes for Reader and Acrobat 10.1 can be found here.