How to protect yourself from Adobe-enabled cyber attacks

mikkel_winther_cropMikkel Winther, managing partner of Danish vulnerability tracking vendor Secunia, is taking Adobe to task because the current free version of Adobe Acrobat Reader, version 9.1.0, does not include the security patches for 14 security vulnerabilities the company has addressed in the last two months.

Adobe counters that that the free PDF reader also comes with Adobe Updater, which will alert the reader about the recent patches the first time Acrobat Reader is launched, and every seven days thereafter.

See WatchPost: Adobe now no. 1 hacker’s target

Winther argues that a person who downloads Acrobat Reader to open a PDF document that has just arrived in an email, could easily be compromised before installing the latest patches.

Winther says Secunia supplies a free tool — Secunia Personal Software Inspector — that can lower your risk by continually checking for out-of- date software.

Alternatively, an Adobe spokesman says consumers can manually apply all available patches by following instructions on Adobe’s “product updates” web page. Adobe provided LastWatchdog with the following screen shots:

This screen shot shows a free download offer for the lastest version of Adobe Reader:

acrobat-updater-shot1_450This screen shot shows the download in progress:

acrobat-updater-shot2_4502This screen shot shows the Adobe Updater “balloon” alert that appears on the Windows system tray, in lower, left, near the clock. It appears once every 7 days if new updates are available.

acrobat-updater-shot3_4502This screen shot shows what the consumer sees upon clicking the above alert.  If the user defers by clicking “remind me later” the balloon alert will reappear again in 7 days:

acrobat-updater-shot4_4501This screen shot shows the final “balloon” notice that appears on the Windows system tray at completion of installing updates:


–Byron Acohido

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone