Adobe slates critical Reader security update for Tuesday

Adobe plans to issue security updates for its PDF viewer Reader and for Acrobat to fix critical flaws in the software on Windows and Apple's OS X

Adobe yesterday said it would issue security updates next week for its PDF viewer Reader as well as for Acrobat, its PDF creator, to fix critical flaws in the software on Windows and Apple's OS X.

But it won't be updating Flash Player, its ultra-popular media playing program. If that holds through the end of the month -- if Adobe does not have to issue an "out-of-cycle," or emergency patch -- it would be a first for 2014.

[ It's time to rethink security. Two former CIOs show you how to rethink your security strategy for today's world. Bonus: Available in PDF and e-book versions. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ]

The San Jose, Calif. company has taken to mimicking Microsoft in both delivering security updates on the second Tuesday of each month -- what most call "Patch Tuesday, but which Microsoft prefers to dub "Update Tuesday" -- and issuing advance notifications of those updates on the prior Thursday.

Adobe Reader 10 and 11 will be patched on Windows and OS X, Adobe said, as will Acrobat 10 and 11.

The updates will be marked critical, Adobe's highest threat ranking, which indicates that the vulnerabilities, if successfully exploited by cyber criminals, could be used to hijack a personal computer and inject malware into the machine.

Adobe relies on the same four-step threat rating system that Microsoft created, which runs from critical and important to moderate and finally, low. Although Adobe did not disclose details of the upcoming updates -- again, hewing to Microsoft's practice -- it assigned "Priority 1" to the patches.

"This update resolves vulnerabilities being targeted, or which have a higher risk of being targeted, by exploit(s) in the wild," Adobe states on a page that defines priority levels. "Adobe recommends administrators install the update as soon as possible (for example, within 72 hours)."

Adobe last patched Reader and Acrobat on Aug. 12. The company has fixed flaws in the programs three different times this year.

Adobe Flash Player, which is more widely installed and used than Reader, will not be patched next week. Since the start of 2014, Adobe has released 10 security updates for the frequently-targeted Flash Player, with at least one each month.

The Reader and Acrobat updates will ship on Sept. 9, the same day Microsoft will issue four security updates for Windows, Internet Explorer, .Net Framework and Lync Server.

This story, "Adobe slates critical Reader security update for Tuesday" was originally published by Computerworld.

From CIO: 8 Free Online Courses to Grow Your Tech Skills
Join the discussion
Be the first to comment on this article. Our Commenting Policies