Next week, Adobe Systems will begin testing new automatic software designed to make it easier for Reader and Acrobat users to keep their products up-to-date.
The company will begin a beta test of its new updater, called the Adobe Reader/Acrobat Updater, with next week’s critical security updates, due Jan. 12, said Brad Arkin, Adobe’s director of product security and privacy.
The Adobe Updater was quietly installed on users’ systems back in October 2009, but it is being turned on for the first time during next week’s beta test. If everything goes well, Reader and Acrobat users on Macintosh and Windows computers will be offered the new update mechanism as a default option with the company’s next security update, currently scheduled for release on April 13.
Users who do not want automatic updates can chose to download updates manually, or use a “semi-automatic” process similar to the current system. With a semi-automatic update, the patch is automatically downloaded, but does not get installed until the user gives permission.
Adobe’s current updater, called the Adobe Update Manager, pops up an installation window when new patches are available, but too many people are holding off on clicking “yes” and actually installing the patches. “We know that getting people updated and keeping them updated is the number-one thing we can do in terms of keeping them protected against attacks,” Arkin said.
Reader has emerged as a top hacker target over the past year, and Arkin’s team has been sent scrambling several times to fix flaws in Reader and Acrobat after they were exploited by hackers. In fact, next week’s Adobe updates will patch a bug that has been used in online attacks for several weeks now.
Security experts say that, aside from keeping Reader up-to-date, the best way to avoid these attacks is to disable JavaScript in Adobe’s software. (Do this by unchecking the “Enable JavaScript” box found under Edit -> Preferences -> JavaScript in Reader).
Arkin said that Adobe may use the new updater for other products as well, though that decision hasn’t been made yet. “We’ll learn from it and see if it’s applicable for other products,” he said.
Editor’s Note: This article was updated at 11:54 a.m. PT to correct the name of the Adobe Reader/Acrobat Updater.