Adobe to introduce silent updates for Reader

Through implementing the background silent update feature in its Chrome web browser Google has already established that silent updates can be very useful for improving a products security. Now Adobe also plans to introduce "silent updates", updates which are installed without requiring user permission, in a forthcoming version of Adobe Reader. As Adobe security chief Brad Arkin explained in an interview with threatpost.com, beta testers are due to receive the new feature for the first time before the end of this month. The testers will receive the updates on Adobe's regular patch day on the 12th of January via an updater that was already deployed last October.

If testing is successful, the feature is to be integrated into the next official release of Adobe Reader, where it will be enabled by default. However, users will reportedly be able to customise the function and disable it if they require. Adobe hopes that the new update function will cause fewer users to run vulnerable installations of Reader.

Last year, the vendor already responded to an increasing amount of criticism concerning its security processes by introducing a quarterly patch cycle when new versions of Adobe Acrobat and of Reader are released to close any holes. As the free Reader is (pre)installed on most Windows systems, a compromised version leaves many systems vulnerable, and criminals exploit this for their attacks.

On the 12th of January, Adobe plans to make a regular update for Adobe Reader and Acrobat available to download. These will close vulnerabilities that include a critical hole in the DocMedia.newPlayer JavaScript function, which is already being actively exploited.

See also:

• Adobe not planning to close critical vulnerability in Reader until January, a report from The H.
• F-Secure advises against using Adobe Reader, a report from The H.
• Study says silent updates enhance security, a report from The H.

(crve)