How to protect yourself from Adobe-enabled cyber attacks
Posted on | July 24, 2009 | add a comment
Mikkel Winther, managing partner of Danish vulnerability tracking vendor Secunia, is taking Adobe to task because the current free version of Adobe Acrobat Reader, version 9.1.0, does not include the security patches for 14 security vulnerabilities the company has addressed in the last two months.
Adobe counters that that the free PDF reader also comes with Adobe Updater, which will alert the reader about the recent patches the first time Acrobat Reader is launched, and every seven days thereafter.
See WatchPost: Adobe now no. 1 hacker’s target
Winther argues that a person who downloads Acrobat Reader to open a PDF document that has just arrived in an email, could easily be compromised before installing the latest patches.
Winther says Secunia supplies a free tool – Secunia Personal Software Inspector – that can lower your risk by continually checking for out-of- date software.
Alternatively, an Adobe spokesman says consumers can manually apply all available patches by following instructions on Adobe’s “product updates” web page. Adobe provided LastWatchdog with the following screen shots:
This screen shot shows a free download offer for the lastest version of Adobe Reader:
This screen shot shows the download in progress:
This screen shot shows the Adobe Updater “balloon” alert that appears on the Windows system tray, in lower, left, near the clock. It appears once every 7 days if new updates are available.
This screen shot shows what the consumer sees upon clicking the above alert. If the user defers by clicking “remind me later” the balloon alert will reappear again in 7 days:
This screen shot shows the final “balloon” notice that appears on the Windows system tray at completion of installing updates:
–Byron Acohido