Adobe to release quarterly security updates
According to a blog post by Brad Arkin, Adobe's Director of Product Security and Privacy, Adobe will begin releasing it's security updates on a quarterly basis, each quarterly update to coincide with a Microsoft Patch Tuesday. The Patch Tuesday updates from Microsoft are released on the second Tuesday of each month. Previously, Adobe patched vulnerabilities on a version-by-version basis, patching the most widely used versions first and then working backward. Adobe's new approach to updates will take place every three months and is aimed at promoting Adobe's commitment to the security of its customers.
Arkin manages Adobe's proactive security team, the Adobe Secure Software Engineering Team (ASSET), and the Product Security Incident Response Team (PSIRT), Adobe's reactive team. Both of the teams will be working with the Reader and Acrobat engineers to focus on code hardening, improving the incident response process and releasing regular security updates.
In recent months, Adobe has patched several critical vulnerabilities in its Reader and Acrobat products that could have allowed an attacker to take control of the affected system. The new update initiative is designed to reduce the amount of time that Adobe needs to patch vulnerabilities in its products. Arkin also said that people outside of Adobe "will see more timely communications regarding incidents, quicker turn-around times on patch releases, and simultaneous (across platform and version) patches for more affected versions as we move forward."
According to the post, it was coincidental that the recent security patch releases on the 10th of March and the 12th of May, both happened on Patch Tuesdays. Adobe plans to start the new security update program within the next three months.
- Security Update for Adobe Flash Media Server, a report from The H.
- F-Secure advises against using Adobe Reader, a report from The H.