Update available for potential vulnerabilities in Adobe Reader and Adobe Acrobat 7

Release date: December 5, 2006

Vulnerability identifier: APSB06-20

http://www.adobe.com/support/security/bulletins/apsb06-20.html

Only affects users of Windows version AND MS Internet Explorer

(Apparently users of Firefox, Opera, etc. not affected.)

DH

Update available for potential vulnerabilities in Adobe Reader and Adobe Acrobat 7

Release date: December 5, 2006

Vulnerability identifier: APSB06-20

http://www.adobe.com/support/security/bulletins/apsb06-20.html

Only affects users of Windows version AND MS Internet Explorer

(Apparently users of Firefox, Opera, etc. not affected.)

DH

I don't remember if there is a discussion thread more appropriate for this remark than the current thread or not.

Anyway I recently downloaded and installed Adobe Acrobat Reader 6 to upgrade my old version 4 (or 5?) in the hope that it would allow me to read a PDF file I had downloaded from http://books.google.com

Apparently version 6 is the highest I could go on Windows 98.

Since I trusted the web sites from which I had downloaded PDF's I did not bother to check for updates to my version 6. However, yesterday I did actually go check for updates since Reader had been attempting to go thru my firewall to check for updates automatically.

Unfortunately, the update process REQUIRED installing 6.03, 6.04, 6.04, and 6.06 in order to get to the latest release level of 6.06 dated Jan 8, 2007. The explanatory text info given during the update process by the updater appeared to indicate that the updates had to be installed in sequence one after the other. Rather a nuisance on dial-up.

I think I'm also going to tell the firewall to block network access by Adobe Acrobat Reader again because I don't trust PDF documents that might want to go online and I assume that viewing normal PDF's in the browser does NOT require the Reader itself to go online since the PDF has already been downloaded into the browser cache by the browser. Perhaps merely blocking javascript in the Reader would be enough to stop the standalone (as opposed to browser plug-in) Reader from going online? but I sure don't know about that.

DH

P.S.
I assume that more recent versions of Reader also require stepwise updates (e.g. critical security updates) as mentioned above for version 6, so it's probably better to keep the automatic (monthly?) checking for updates turned on so that you can avoid going thru a multistep upgrade and hopefully avoid running Reader for long periods without critical security updates.

It's probably a good idea to change the Update Preference to make sure that one is conspicuously notified when an update is taking place so that when your firewall tells you than a modified version of Reader is trying to access the net, you will have some confidence that it's not because of a spyware attack.

The latest version is 8, but it has problems with vista. The safest solution then is version 7.09.