Adobe on Tuesday closed 15 “critical” vulnerabilities with the release of updated versions to its popular Reader and Acrobat Software.
Twelve of the flaws could be exploited to execute malicious code, while the other three can lead to denial-of-service conditions, according to a security bulletin. Each were patched with the release of Reader and Acrobat 9.3.2 for Windows, Macintosh and UNIX. Users of version 8 can upgrade to 8.2.2.
This marks the first time Adobe’s quarterly updates can be applied using the new automatic updater feature.
The new tool, in beta since October, is designed to “keep end-users up to date in a much more streamlined an automated way,” Steve Gottwals, a software product manager, said in a blog post on Thursday. Users must opt in before they can receive the updates and then they can decide when the updates should be installed. Customers will be able to activate the feature by going to Edit>Preferences>Updater.
The component will check to ensure the software is running the latest version each time it is run.
“…The majority of attacks we are seeing are exploiting software installations that are not up-to-date with the latest security updates, which suggests that far too many users are currently not installing the security updates that would protect them,” Brad Arkin, Adobe’s director of product security and privacy, said Tuesday in a separate blog post. “The new updater technology was designed to address part of this problem.”