We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Mysterious Adobe Reader patches released

Adobe Reader update fixes 27 bugs

Adobe has patched "a number of ... security vulnerabilities" in its free Adobe Reader software, but refused to provide details of the bugs it found and fixed.

Adobe Reader 8.1.2 addresses 27 items, most of which appeared to be usability problems, with a few stability issues thrown in for good measure. None of the 27 fixes listed in the 8.1.2 Release Notes called out a security vulnerability.

The lack of information about the purported bugs patched in 8.1.2 surprised some security researchers. "Curiously, no further details are available about the security update, which is not the norm for Adobe," said Thomas Kristensen, the chief technology officer at vulnerability tracker Secunia.

Adobe was much more verbose in its explanations the last time it updated Reader. In October 2007, for example, when it patched Reader for a vulnerability that exposed most Windows XP users to exploits in malicious PDF files, the company published a support document that described the fixes in considerable detail and labelled the single security vulnerability as such.

However, Andrew Storms, director of security operations at nCircle, didn't see the move as a change. "My first thought is that it's no big deal," said Storms. "Vendors like Adobe have no historically standardised way of presenting information, which is in great contrast with Microsoft, which is very rigid about what and how it presents information.

"From Microsoft, we know what to expect each month," Storms said. "And Oracle is another [vendor] that has done a great service for the industry by standardising. But Adobe has not done that." The differences between October and today, he continued, might be attributable to something as mundane as someone different at Adobe writing up the bulletin.

According to Secunia, there is only one outstanding vulnerability in Reader that has not yet been patched - an information-disclosure bug that harks back to early March 2007. None of the more than two-dozen problems acknowledged by Adobe, however, match the description of the unpatched bug.

Adobe did not responds to questions about the information it has posted - and not posted - around the release of Reader 8.1.2.

The new version, which can be downloaded from the Adobe website or retrieved using the updater bundled with Reader, targets Windows 2000, Windows XP, Windows Vista, Windows Server 2003, and Mac OS X 10.4.3 and later.

For more PC security news, reviews and tutorials, see Security Advisor

IDG UK Sites

LG G4 launch live! LG G4 launch live blog - What to expect from the LG G4 launch, LG G4 launch...

IDG UK Sites

Apple Watch release day: Twitter reacts

IDG UK Sites

QuarkXPress 2015 released: the DTP tool gets a speed boost and long-document tools

IDG UK Sites

Apple Watch buying guide, price list & where to buy today: Which Apple Watch model, size, material,?......