We're all for beefing up the security in Adobe's Acrobat products, and that's one of the things the software maker has done with its new Acrobat X family, which includes Acrobat X, Reader X, the Acrobat X Suite, and new document exchange services at Acrobat.com.
The Acrobat X platform employs sandboxing security technology (Protected Mode in Reader) designed to mitigate the risks of viewing PDF files.
Acrobat X also brings a bunch of new features to the table, including new guided Actions to simplify multi-step document preparation and publishing processes, new customization capabilities in PDF Portfolios, and new document services available at Acrobat.com to help streamline collaboration.
As Adobe's Max developer conference nears, the company has announced that their version of Flash for Android has been downloaded over 1 million times. It took time, but Flash content is working on a range of mobile devices running Android 2.2. Performance tends to vary from device to device, but it seems most users are installing it.
Adobe originally intended to allow most Android devices to run Flash, but as development continued, it became clear that wasn't happening. The minimum specs for Flash ended up being fairly modern. This has at least kept the experience fairly good. The limited number of devices also means this 1 million mark is more significant. If you're an Android user, let us know how you are liking Flash. Do you have it set to only display on demand, or is it snappy enough that you just leave it on?
Adobe on Tuesday released a mega patch with 23 security fixes for its Reader PDF viewer, most of which are ranked as critical. The patch set a record for 2010 (um, woot?) though didn't quite topple Adobe's previous record of 29 bug fixes in October 2009.
"Adobe is hitting customers with a double whammy today," said Andrew Storms, director of security operations at nCircle Security. "Adobe products continue to be at the top of the target list for malware writers. They patched a zero-day flaw in Flash in late September, and today they are releasing their quarterly Acrobat update ahead of schedule because of another zero-day."
Out of the 23 updates, 20 of them "could lead to code execution," according to Adobe's security bulletin. The patch also plugs up a hole first revealed on September 7 by Mila Parkour, who reported the attack after discovering some funny business with PDFs attached to emails.
Adobe this week let it be known that sales and earnings for the next quarter will likely fall short of expectations, news of which sent the software maker's stock in a free-fall.
Adobe shares sank more than 20 percent from Tuesday's close, even going so far as to hit a new 52-week low at $25.81 per share.
"We're taking a cautious approach to the guidance," Chief Executive Officer Shantanu Narayen said during a conference call with analysts. "The U.S. back-to-school environment this time was a little weaker overall."
Education sales account for more than 10 percent of Adobe's revenue, but that's not the only factor. Adobe also cited weak sales in Japan, noting that the Japanese economy "hasn't really come out of the recession yet."
Adobe now expects fourth-quarter revenue to be in the neighborhood of $950 million to $1 billion, less than the $1.03 billion some analysts had projected.
Adobe last Monday warned of a zero-day bug in its Flash player and promised to roll out a patch on September 27. But on Friday it pushed in the critical security update by a week, meaning that it will now be rolled out on September 20, which is today, instead of next Monday. The bug is not exclusive to the Flash player, though. According to the company, it also affects “Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh.”
Despite today's security update, Reader and Acrobat will continue to remain susceptible for at least a couple of weeks, for Adobe plans to issue a separate patch for them during the week of October 4. Chrome users have been immune to the critical bug for a few days now. Last week, Google updated Chrome to version 6.0.472.62 that features patched version of Flash.
According to the security advisory Adobe issued last week:“This vulnerability (CVE-2010-2884) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player on Windows. Adobe is not aware of any attacks exploiting this vulnerability against Adobe Reader or Acrobat to date.”
For those of you still getting your PDF fix with Adobe's Acrobat software, you might have been tempted to install an unofficial security patch from security and software firm RamzAfzar. The third-party fix replaces the vulnerable CoolType.dll, addressing a critical Reader bug Adobe disclosed earlier this month.
"We've decided to modify this strcat call and convert it to strncat. Why? Because strncat at least receives the buffer size and how much bytes you want to copy from src do dest," RamzAfzar explains about its patch.
According to Threatpost.com, Adobe confirmed in an email that the unofficial patch does seem to stop vulnerable versions of Reader from crashing, but warns there are always concerns with installing software from unknown sources. As Adobe explains, a DLL is the equivalent to an EXE and users should never install these from an untrusted publisher. In addition, users will have no guarantee that future Adobe updates will work after applying third-party patch jobs. And finally, Adobe warns that altering the DLL might break functionality and could disrupt critical workflows.
But is it really as dangerous as Adobe warns? Maybe, maybe not. The unofficial patch has the backing of at least one security researcher who earlier this week tweeted that it works as advertises, and nothing more.
Right on the heels of the Internet Explorer 9 beta, Adobe is talking about their upcoming 64-bit Flash plug-in called "Square". This new version of the plug-in should run fine in a 64-bit browser like the new IE9. The preview of this new plug-in can be downloaded now for Windows, Mac, and Linux. Open source nerds are pleased with that last point. They have traditionally been left on older versions of Flash.
Adobe is claiming that users will see a performance increase, although they were light on the benchmarks. They did say that the there will be a 35% increase over older versions of IE in Flash performance, but it's hard to know how much of that is thanks to the new IE9 engine. Have you tried the preview? Noticing any speed improvements?
Adobe on Monday issued another security advisory warning users of yet another zero-day bug in its software. This is the second time this month that the San Jose-based software developer has warned of a critical bug that is reportedly being exploited in the wild. While the first advisory, issued only a few days ago, warned of a critical bug in Reader and Acrobat, the latest warning pertains to a critical vulnerability in its Flash player.
“A critical vulnerability exists in Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris, and Adobe Flash Player 10.1.92.10 for Android. This vulnerability also affects Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh,” the bug-inured company warned in the advisory.
“This vulnerability (CVE-2010-2884) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player on Windows. Adobe is not aware of any attacks exploiting this vulnerability against Adobe Reader or Acrobat to date.”
The company expects to provide patches for both the vulnerabilities within the next three weeks.
Don't expect Adobe to give up on its Flash platform any time soon. Adobe is as enthused about Flash as it ever was, but that doesn't mean the company is going to ignore the whole HTML5 thing, either. On the contrary, Adobe just went and released an add-on pack for its Illustrator software that converts it into an HTML5 authoring tool. Here are some of the highlights:
Export named character styles as CSS
Export artwork appearances as CSS
Included selected Graphic Styles as CSS in SVG
Created parametrized SVG (vector graphics tagged with variables)
Create multiple-screen SVG (leveraging media queries to serve up design variations)
According to Adobe, most of the creations designed with the add-on pack will work in Chrome, Firefox, and Safari, and will probably be compatible with Internet Explorer 9.
"I'm curious to see whether this news makes it onto the Mac sites that've beaten Adobe up for a perceived lack of enthusiasm about HTML5 (tough, as it just doesn't fit that sterile, stupid narrative)," John Nack, Principal Product Manger, Adobe Photoshop, wrote in a blog post. "The funny thing is that these changes build on the SVG support that Illustrator has been shipping for ten years. Sometimes it just takes a while for the world to catch up."
We guess that Apple-induced chip on Adobe's shoulder is still there.
We know it's hard to believe, but your Adobe Reader and/or Acrobat software is in need of some patching. That's according to Adobe, which is warning users of a critical vulnerability affecting Reader and Acrobat versions 9.3.4 and earlier.
That's the bad news. The even even worse news is that the vulnerability, when exploited, could crash your machine and potentially allow an attacker to seize control, Adobe says. And the really bad news is that this vulnerability is being actively exploited in the wild.
Ready for the good news? Not so fast, we haven't covered the no-good terrible news. This nasty security hole -- the one the bad guys know about and are currently exploiting -- can't yet be plugged, though if it's any consolation, Adobe promises it's "in the process of evaluating the schedule for an update to resolve this vulnerability." Comforting, isn't it?
Alright, we're finally ready for some good news, and here it is. You don't have to use Adobe products to read those PDF files. One of our favorite free alternatives is Foxit's free Reader program available here.
What do you use to read PDF documents? Hit the jump and let us know.