Adobe plans to release auto-updater for Acrobat Reader as exploits are seen of unpatched vulnerability

News by Dan Raywood

Adobe is testing the functionality of an auto-updater for Acrobat Reader following a number of recent PDF threats.

Adobe is testing the functionality of an auto-updater for its Acrobat Reader following a number of recent PDF threats.

PC World has reported that the company will begin a beta test of its new updater, called the Acrobat Refresh Manager, with next week's critical security updates.

Steve Gottwals, group product manager at Adobe Systems, revealed in October on the Adobe reader blog that Adobe Reader and Acrobat 9.2 and 8.1.7 were shipping with a new beta updater technology, which was initially in a passive state.

He said in October: “Even though the new updater ships in a passive state, we have the ability to selectively activate it for end-users invited into the beta program, which will allow us to test a variety of network configurations encountered on the internet in order to ensure a robust update experience.

“The purpose of the new updater, once it is active, is to keep end-users up-to-date in a much more streamlined and automated way. As beta testing progresses, we will continue to communicate pertinent details with you about the new updater, including when we expect it will be active for all users.”

It is planned for the updater to be turned on next week and if all goes well, Reader and Acrobat users on Macintosh and Windows computers will be offered the new update mechanism as a default option with the company's next security update, currently scheduled for release on 13th April.

Brad Arkin, Adobe's director of product security and privacy, said: “We know that getting people updated and keeping them updated is the number one thing we can do in terms of keeping them protected against attacks.”

Adobe is also expected to patch a vulnerability next week in Adobe Reader and Acrobat, after it announced in December that the update would be released by 12th January 2010 to resolve the issue.

Trend Micro threat response engineer Jessa De La Torre wrote in a company blog that an unpatched Adobe vulnerability is still being exploited in the wild. The blog said that the sample (detected by Trend Micro as TROJ_PIDIEF.WIA) uses the heap spray technique to execute shellcode in its stream. As a result, a malicious file detected as BKDR_POISON.UC is dropped into the system.

When executed, BKDR_POISON.UC opens an instance of Internet Explorer and connects to a remote site, cecon.{BLOCKED} Once connected, a malicious user may execute any command on the affected system.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews