Adobe adopts 'Patch Tuesday' security updates
Published: 21 May 2009 10:18 BST
Adobe said on Wednesday it will release quarterly security updates to coincide with Microsoft's Patch Tuesday as part of a new approach to product security for Adobe Reader and Acrobat.
The security updates will be delivered on a second Tuesday once a quarter beginning this summer, Brad Arkin, director of product security and privacy, wrote in a blog post. Microsoft's Patch Tuesday updates are issued monthly on the second Tuesday.
Adobe security patches released on Patch Tuesdays March 10 and May 12 were coincidental, the post said.
The most recent patch fixed a hole in Flash Media Server 3.5.1 and earlier that could allow an attacker to execute remote procedures in Flash Media Interactive Server or Flash Media Streaming Server.
The March patch fixed a critical vulnerability in Adobe Reader 9 and Acrobat 9 that could allow an attacker to take complete control of a computer and for which exploits had been reportedly found in the wild for nearly two months.
The Adobe Reader issue sparked "a lot of conversation internally at Adobe from executives to testers and developers" and ultimately led to the permanent changes to Adobe's software security approach, Arkin said. "Everything from our security team's communications during an incident to our security update process to the code itself has been carefully reviewed," he wrote.
All new code and features for Adobe Reader and Acrobat have been put through a Secure product Lifecycle that is similar to Microsoft's much-touted Security Development Lifecycle, according to Arkin. Now Adobe is working on hardening at-risk areas of its legacy code too, he added.
Arkin also promised that people outside the company "will see more timely communications regarding incidents, quicker turnaround times on patch releases and simultaneous patches for more affected versions as we move forward".
Security issues with Adobe Reader prompted firm F-Secure to suggest that people should switch to an alternate PDF reader at the RSA security conference last month. Just last month another security hole surfaced in Adobe Reader.
Credit: Adobe to release security updates a la Patch Tuesday from CNET News
Did you find this article useful?
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
