Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: InfoSec Handlers Diary Blog - Adobe Reader 9 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Adobe Reader 9

Published: 2008-07-17
Last Updated: 2008-07-17 22:13:00 UTC
by Mari Nichols (Version: 3)
3 comment(s)

One of our readers, Steve, let us know that the Adobe website has Version 9 of Reader available for download.  Be sure to notice that they kindly offer a "Free eBay Desktop" is checked by default and it is a 33.5MB download.

As far as security upgrades, Adobe says the Security enhancements provides new digital signature functionality. The new version also adds support for 256-bit AES encryption.  Other security features include SOAP/WSDL, XSD, Kerberos, W3C XML digital signatures, 256-bit AES, OASIS WS-Security, HTTP/HTTPS, RSA, XML encryption, and ECMAScript for XML (E4X) in the JavaScript interpreter. Reader is also NIST PKI test-suite compliant.

UPDATE  Downloaders Beware:  Tim M. wrote in to let us know that installing Adobe 9 leaves you with an "Acrobat.com" icon on your desktop.  It appears to be a beta version of software based on Adobe AIR and you do not have the option not to install it.  The icon launchs an app for sharing files, etc... on line.  This makes us wonder what kind of security implications arise from your users having online collaboration tools in a Beta distribution?  Included in the download are Adobe Buzzword, web-based online word processing and Adobe ConnectNow meeting facilitator, both allowing workers to share information.  The programs can be manually removed via Control Panel, Add or Remove Programs.

More info here:  http://www.adobe.com/acom/createpdf/?promoid=DAFVV 

UPDATE  2:  One of our readers Rauno let us know that a smaller installer, AdbeRdr90_en_US_Std.exe without these two extra apps, is available from Adobe's FTP website at ftp://ftp.adobe.com/pub/adobe/reader/win/9.x/9.0/enu

3 comment(s)
Diary Archives