Saturday, July 3, 2010

Adobe Offering Insecure Adobe Reader Version For Download, Beware

Adobe recently released updates to its PDF reader, Adobe Reader, raising its version to 9.3.3. The update fixed several security issues, at least one of which was actively exploited in the wild. Computer users who visit the Adobe website might notice that Adobe is not offering that version for download anywhere on the page.

Instead, they are still offering Adobe Reader 9.3 for download, a version that was released in January 2010 and has been updated three times since then to fix security vulnerabilities, some of which are used in attacks.

This opens a can of worms and raises a question: how are Adobe Reader downloaders supposed to know that the version offered is not the latest? They apparently do not get that information on the Adobe Reader download page, nor are they informed about the insecure version on startup of the PDF reader.

Adobe seems to rely solely on the Adobe Reader and Acrobat Manager (AdobeARM), which is configured as a startup process that launches with the operating system. This in itself is problematic, depending on the computer system. Adobe ARM does not get executed before the next startup, which means that systems that run 24/7 will be insecure for that time unless the administrator updates the program manually.

It is also ineffective if the computer user has decided to block the program from being started automatically with the operating system. That’s highly understandable, considering that Adobe does not provide local information about the startup item. A quick search on the Internet confirms the confusion, as many users thought that the process was for ARM processors only.

Lastly, users who do not allow automatic updates on their system will also be left with an insecure version of Adobe Reader.

How to update Adobe Reader

There are two ways to update Adobe Reader. The first is to use the Help > Check For Updates option in the program itself. That’s obviously only an option if the computer is connected to the Internet, as it will query Adobe servers to retrieve the latest version.

The second option is to download the patches for Adobe Reader directly from the Adobe website.

Adobe Reader 9.3.1 Windows, Mac (Intel), Mac, Unix
Adobe Reader 9.3.2 Windows, Mac (Intel), Mac, Unix
Adobe Reader 9.3.3 Windows, Mac (Intel), Mac, Unix

Product Update Pages: Windows, Mac, Unix

Do you have Adobe Reader installed on your system? If so, which version is it?


© Martin for gHacks technology news, Software And Internet Tips For The Geek In You, 2010.

Friday, July 2, 2010

New EU Rules Protect Consumers From Absurd 3G Data Bills - New system imposes monthly bill cap unless user specifies otherwise...

Back in March we noted how the European Union was imposing new rules aimed at tackling absurd wireless data bills. The new rules, which go into effect this week, not only cap excessive roaming costs -- but also require wireless carriers to let consumers set a maximum limit on how much they want to spend on mobile data each month. That limit is set at 50 Euro by default, users are warned when they get close to that cap, and must explicitly ask for more data. So far, carriers haven't been fighting the measures:

Unlike previous roaming regulations, operators have not put up much resistance to the measures, at least publicly. 'No one in the industry benefits when a customer goes to the press with a 46,000 data bill because they have been downloading TV shows on holidays,' said one telecoms executive, referring to a reported case last year of a German traveler in France.
We've obviously seen an endless stream of these kinds of stories on this side of the pond as well -- created by a one-two punch of users who don't read their contracts or understand usage terminology -- and amoral carriers who don't care (until after the press makes them look bad) that they're engaged in significant overcharging. The FCC has stated they're taking a look at Bill Shock, and carriers have been busy trying to highlight the many tools users have to track usage in the hopes of avoiding EU-style rules.

Desktop Virtualization with MokaFive

As we become more and more accustomed to storing and accessing information via the cloud, it's likely that we'll see increased pressures on IT departments to help manage, control and facilitate employees' access to information - not just on their work stations, but on any number of personal and company computing devices. According to Punima Padmanabhan, Vice President of Products for MokaFive, desktop virtualization will help address what she sees as a growing trend, BYOC - Bring Your Own Computer. And while virtual desktop solutions aren't new, MokaFive is evangelizing their platform-agnostic solution for client-side, rather than server-side implementation.


Spurred in part by the rising popularity of personal smartphones, more and more employees want to be able to utilize their own computing devices - phones, netbooks, laptops - in lieu of company-issued ones. 'Knowledge workers don't want to be locked down,' says Padmanabhan, arguing that more and more employees want to have the flexibility to choose the hardware they use at work, and in some cases, use their own computing devices rather than company-issued ones.



But this raises a lot of questions for IT: security, software installation and updates, support requests.



MokaFive's flagship product MokaFiveSuite addresses many of these issues, allowing IT departments to manage the delivery of secure virtual environments. Called LivePC, these images run locally, so end-users download a secure virtual desktop that can be run on any computer - Windows or Mac - and that can also be launched from a mobile device or USB stick. Updates and patches can be made to a single golden image that MokaFive can distribute to each LivePC. The product allows on- and offline access, as well as a single-button recovery from viruses and malware.



MokaFive recently received $21 million in Series C funding, with investment from NGEN Partners, Khosla Ventures and Highland Capital Partners. Competitors include Citrix, RingCube and vThere.



Icon Motors Re-engineers King of the Trail

Buckle up! The Icon CJ3B off-roader may look like a Jeep, but its insides are all new. It's faster and insanely maneuverable, its steel body is Teflon-protected, and every light is LED.

Apple reportedly hard at work on serious Apple TV update

Since its introduction in 2007, the Apple TV has languished as a 'hobby' device for Apple and hasn't been significantly revised since. Sure, there have been a few minor tweaks to the software or user interface, but Apple has failed to make Apple TV a successful set-top box with wide appeal. Sources speaking to The New York Times now suggest that big changes are brewing inside Apple, backed by a number of designers with experience in the television industry.



First, Apple is reportedly working on a major update to the software that runs the Apple TV, which may be based on iOS. No details about the hardware are known, but it would make perfect sense for Apple to build it around an A4 variant and utilize iOS, which is already optimized for small devices and media consumption.



Such a plan falls in line with previous rumors that Apple would ditch the internal hard drive for a streaming-only design, likely utilizing expertise from Apple's recent Lala acquisition. iOS could also make it possible for services like Netflix or Hulu to build Apple TV 'apps' that add additional sources of content outside of Apple's own iTunes Store. And we may yet see the fruits of Apple's efforts to offer an iTunes-based TV subscription service.



The most interesting detail from the report concerns the staff that Apple has working on the project. A recently departed Apple employee told the Times that the "more advanced work" on the project is taking place outside of the Apple TV group. Another source said that Apple recently hired a number of UI and graphics people "who have a background in broadcast design for television."



The Apple TV has been a "hobby" for far too long and, at this point, even dedicated fans are beginning to lose interest. If Apple cares about the set-top box market, it needs to get serious about competing with the likes of the Roku Player, Internet-connected Blu-ray players, and consoles that increasingly offer expandable connectivity to online sources for TV and movies.





Obama Announces $795 Million In Broadband Expansion Grants - While at the same time Democrats push to trim broadband funds...

The Obama Administration today announced that they've picked new stimulus winners, and are doling out roughly $795 million in grants and loans to help expand broadband service across the country. You can see a full list of the funding awards here (pdf), many of which fill in fiber 'middle mile' gaps in various rural communities. According to the Obama Administration, the investment will create 5,000 construction and installation jobs, and $200 million in associated private investment. Says the White House release:

In total, tens of millions of Americans and over 685,000 businesses, 900 healthcare facilities and 2,400 schools in all fifty states stand to benefit from the awards. The $795 million in grants and loans through the Departments of Commerce and Agriculture have been matched by over $200 million in outside investment, for a total public-private investment of more than $1 billion in bringing broadband service to these communities, most of which currently have little or no access, to help them better compete and do business in the global marketplace.
At the same time the White House was lauding broadband investment, House Appropriations Chairman David Obey (D-Wis.) was busy proposing an amendment to the Afghanistan and Iraq war supplemental that would trim broadband investment by roughly $602 million to offset war costs. According to a statement (pdf) by Obey, broadband's one of several stimulus investments 'that no longer require the funding' or 'have sufficient funds on hand.'

Groups like Media Access Project quickly complained that redirecting those funds was a mistake. 'The $602 million to be reallocated represents a negligible portion of U.S. war spending,' argues the group. 'But these funds would cover the cost of a large number of broadband infrastructure and adoption projects spanning multiple states, to benefit thousands of people living and working without adequate access to the Internet.'

Verizon loses class action ETF appeal, will pay $21 million settlement

A California appeals court has ruled that Verizon Wireless is to pay some 175,000 current and former customers $21 million as a settlement in a class action lawsuit over early termination fees. The class action suit was filed in California on behalf of customers who were upset that Verizon asked that they pay a flat ETF of $175 regardless of how many months were left on their contract. Each customer is expected to receive $87.50 as a result of the ruling. Too bad history is bound to repeat itself now that Verizon’s ETF for “advanced devices” (i.e. smartphones) is set at $350.

