Tuesday, March 08, 2016

Adobe Reader and Acrobat Out-of-Band Security Update

Adobe has released out-of-band security updates for Adobe Reader and Acrobat XI for Windows and Macintosh. The update addresses numerous critical vulnerabilities and should be installed as soon as possible.

Release date: March 8, 2016
Vulnerability identifier: APSB16-09
CVE numbers:  CVE-2016-1007, CVE-2016-1008, CVE-2016-1009
Platform: Windows and Macintosh

Update or Complete Download

Update checks can be manually activated by choosing Help > Check for Updates.
    Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

    End of Support:  Adobe Acrobat X and Adobe Reader 

    Adobe Acrobat X and Adobe Reader X are no longer supported (see here). Adobe recommends Adobe Acrobat DC (FAQ) and Adobe Acrobat Reader DC (FAQ).  However, another alternate is available to replace Adobe Reader. Personally, I like Sumatra PDF.  It isn't a target and doesn't include unwanted extras with the install or updates.  

    Enable "Protected View"

    Due to frequent vulnerabilities, it is recommended that Windows users of Adobe Reader and Acrobat ensure that Protected View is enabled.  Neither the Protected Mode or Protected View option is available for Macintosh users.

    To enable this setting, do the following:
    • Click Edit > Preferences > Security (Enhanced) menu. 
    • Change the "Off" setting to "All Files".
    • Ensure the "Enable Enhanced Security" box is checked. 

    Adobe Protected View
    Image via Sophos Naked Security Blog


    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...

    No comments: