Category Archives: Adobe

Adobe Acrobat Reader updates

First, a few words about nomenclature…

Acrobat Reader is the name of Adobe’s free PDF viewer software. It was formerly referred to as Adobe Reader, but its full official name is now Adobe Acrobat Reader. It’s basically a stripped-down version of Acrobat, Adobe’s commercial PDF authoring tool, with most of Acrobat’s authoring capabilities removed. Acrobat Reader is free software, while Acrobat is not. If you need to author new PDF files, you need Acrobat. If you merely wish to view existing PDF files, all you need is Acrobat Reader, although Acrobat also does that.

At one point, there was only one version of Acrobat and one corresponding version of Reader. Sadly, those simpler days ended in 2015 when Adobe introduced ‘Document Cloud’ (DC) variations: Acrobat DC and Acrobat Reader DC. These new variants include cloud storage capabilities, making PDF viewing and editing more convenient for folks who work on multiple computers and platforms.

Confusing things further was a new split in the Acrobat/Reader catalog, between Continuous and Classic release tracks. They differ mainly in release priorities and update schedules. Classic variants are updated quarterly, and occasionally at other times; updates are limited to bug and security fixes. Continuous variants are updated more frequently, and besides bug and security fixes, updates include new features and enhancements.

On October 15, 2017, Adobe stopped producing the original Acrobat/Reader software in favour of the new Acrobat/Reader DC. The old software’s last version was 11.0.23. Adobe now officially recommends the DC variants over anything else. This should have simplified things, and it did, to some extent.

Adobe is also still making desktop-only versions of Acrobat and Acrobat Reader, which they refer to as Acrobat 2017 and Acrobat Reader 2017.

There are more headache-inducing details on the Document Cloud Product Tracks page on the Adobe web site.

Which one?

Okay, so which version of Acrobat Reader do I install if I just want to view PDF files? For regular folks, it’s easiest to just stick with what Adobe wants you to use, which in most cases is Acrobat Reader DC (Continuous). The desktop-only version and the DC Classic versions exist mostly for IT staff who have very specific reasons for not wanting to run DC Continuous. For them, it comes down to a choice between having access to the latest features, and being somewhat less likely to encounter problems. For example, if ‘stable and secure’ is the goal, Acrobat Reader DC Classic Track is the right choice.

February 2018 updates

With that out of the way, let’s talk about the new versions of Acrobat Reader that were released earlier this week.

A February 13 security bulletin from Adobe lists forty-one vulnerabilities, affecting earlier versions of all Acrobat Reader variants, including Acrobat Reader DC (Continuous Track) 2018.009.20050, Acrobat Reader 2017 2017.011.30070, and Acrobat Reader DC (Classic Track) 2015.006.30394.

New Acrobat Reader versions addressing those vulnerabilities are:

Acrobat Reader DC (Continuous Track) 2018.011.20035
Acrobat Reader DC (Classic Track) 2015.006.30413
Acrobat Reader 2017 2017.011.30078

There are additional details on the main release notes page for Acrobat and Acrobat Reader.

You can install Acrobat Reader by visiting the official download page at get.adobe.com/reader. That page will offer the version it thinks is best suited to your device, which for my Windows 8.1 PC is Acrobat Reader DC (Continuous Track) version 2018.011.20035. That’s also the version Adobe wants us all to use.

If you want a variant other than the one offered in the Download Center, you’ll have to navigate Adobe’s labyrinthine FTP site.

To install Acrobat Reader 2017 for Windows, go to the Acrobat2017 folder on the Adobe FTP site. Click the topmost folder, then click the installer EXE file in that folder to download it. Once installed, Acrobat Reader 2017 will keep itself updated, and you can check for any pending updates by selecting Help > Check for updates on its menu.

To install Acrobat Reader DC Classic for Windows, go to the Acrobat2015 folder on the Adobe FTP site. Click the topmost folder, then click the installer EXE file in that folder to download it. Once installed, Acrobat Reader DC Classic will keep itself updated, and you can check for any pending updates by selecting Help > Check for updates on its menu.

Flash 28.0.0.161 fixes two critical vulnerabilities

As expected, Adobe has released a new version of Flash that addresses CVE-2018-4878 and another critical vulnerability, CVE-2018-4877. A new security bulletin (APSB18-03) provides additional details.

The new version was made available on February 6. The release notes show that at least one other bug was fixed in Flash 28.0.0.161.

Anyone still using a web browser with Flash enabled should make sure that it’s up to date. CVE-2018-4877 is already being actively exploited.

As usual, Chrome will update itself automatically, and Internet Explorer and Edge will get the new Flash via Windows Update.

New Flash vulnerability already being exploited

On February 1, Adobe published a security advisory about a critical vulnerability (CVE-2018-4878) in Flash Player 28.0.0.137 and earlier versions. Successful exploitation could allow an attacker to take control of an affected system.

An exploit for CVE-2018-4878 already exists, and is being used in targeted attacks against Windows users. So far, attacks based on this vulnerability have been delivered via Office documents with malicious Flash content as email attachments.

Adobe plans to address this vulnerability next week. Meanwhile, use extreme caution when deciding whether to open email attachments, especially if they appear to be Office documents.

Flash is gradually disappearing from use, but it’s still used enough to make it a tempting target for malicious hackers.

Duo Security: No Patch Yet: Flash Vulnerability Exploited in the Wild

Flash 28.0.0.126

Adobe released a new version of Flash to coincide with yesterday’s Microsoft updates. Flash 28.0.0.126 fixes a few minor issues and one security vulnerability.

As usual, Chrome will update itself with the latest Flash, and Microsoft browsers will receive updates via Windows Update.

If you still use Flash, and in particular if you use a web browser that is configured to play Flash content, you should install the new version as soon as possible. Better still, stop using Flash altogether. Flash is being phased out in some browsers, including Firefox. Many web sites that formerly used Flash have switched to HTML5.

November updates for Adobe products

Yesterday, Adobe announced updates for several of its main products, including Flash, Acrobat Reader, and Shockwave.

Flash 27.0.0.187 addresses five critical vulnerabilities in earlier versions. You can download the new desktop version from the main Flash download page. That page usually offers to install additional software, which you should avoid. Chrome will as usual update itself with the new version, and both Internet Explorer and Edge will get their own updates via Windows Update.

Acrobat Reader 11.0.23 includes fixes for a whopping sixty-two vulnerabilities, all flagged as critical, in earlier versions. Download the full installer from the Acrobat Reader Download Center.

Shockwave Player 12.3.1.201 addresses a single critical security issue in earlier versions. Download the new version from the Adobe Shockwave Player Download Center.

If you use Flash, Reader or Shockwave to view content from untrusted sources, or if you use a web browser with add-ons enabled for any of these technologies, you should update affected systems immediately.

Flash 27.0.0.170 fixes one security issue

And just like that, we get another version of Flash, this one addressing a single security vulnerability. From the security bulletin: “Adobe is aware of a report that an exploit for CVE-2017-11292 exists in the wild, and is being used in limited, targeted attacks against users running Windows.”

Anyone still using Flash in their web browser should install the new version as soon as possible. You can check which version you’re running and download the new one at the Flash version checker and download page.

As usual, Chrome will get the new Flash via its own internal update system, and Microsoft browsers will be updated via Windows Update.

No security fixes in latest Flash: 27.0.0.159

A new version of Flash includes a few bug fixes and other functionality changes, but no security fixes. Still, you’ll most likely need to update Flash in your browser to view Flash content.

As usual, Chrome will get the new Flash via its own internal update system, and Microsoft browsers will be updated via Windows Update.

Patch Tuesday for September 2017

This month’s updates from Microsoft include a patch for a nasty zero-day vulnerability in the .NET framework.

The announcement for this batch of updates is of course just a link to the Security Update Guide, where it’s up to the user to wade through piles of information and determine what’s relevant.

Here’s what I’ve been able to glean from my explorations: there are ninety-four updates, affecting Internet Explorer, Edge, Windows, Office, Adobe Flash Player, Skype, and the .NET Framework. A total of eighty-five vulnerabilities are addressed, twenty-nine of which are flagged as Critical.

As you may have guessed, this month we also have yet another new version of Flash. Microsoft included the new version in updates for Edge and Internet Explorer, and Chrome will get the new version via its internal auto-updater. Desktop Flash users should visit the main Flash page to get the new version. Flash 27.0.0.130 addresses two critical vulnerabilities in previous versions.

Adobe Reader update fixes 67 vulnerabilities

Adobe normally releases patched versions of its main products on the second Tuesday of each month, to coincide with Microsoft’s update schedule. Occasionally they will depart from this schedule, as they have with the new versions of Reader/Acrobat announced on August 29.

The new versions of Reader and Acrobat address sixty-seven vulnerabilities, many of which were discovered by security researchers outside Adobe. All of the vulnerabilities involve either information disclosure or remote code execution.

Anyone who uses Adobe Reader or Acrobat is advised to install the new versions as soon as possible. You can do that by visiting the Acrobat Reader Download Center.