Adobe Systems has been called out by Secunia, a firm that exposes software vulnerabilities, for offering outdated and unsafe software on its downloads page, software that contains dozens of security vulnerabilities. Several of these gaps in security are already being exploited in order to install harmful malware on users’ machines.
Customers who download Adobe Reader from the company’s official downloads page will find that it automatically installs version 9.1 of the program on their machines, even though the most recent version is 9.1.2. This irregularity could put users at considerable risk for infection given the number of vulnerabilities patched in the two past versions.
Unsurprisingly, Adobe defended its practices, pointing out that the page simply offers the Adobe Reader installer, which, once running, will notify users of any important updates. “Adobe Updater will check for updates immediately on first launch,” read the company’s statement. “Thereafter, Adobe Updater checks for updates every seven days from that first launch.” The statement went on to say that users can even manually manage Reader updates if they wish.
Adobe seems to be correct when it claims the installer prompts users of older versions to update, but that doesn’t mean that the practice is safe. With an impressively vast majority of the computing world using its software, it’s highly likely that a percentage of them will open a compromised PDF on their first use. Not to mention that part of making your product secure is minimizing the hassle of updating to the latest version.

Courtesy of theregister.co.uk