Well, Adobe are still not speaking to me: I’ve had no information about updates to address the recent Acrobat vulnerability/exploits to either of the addresses I subscribed to its Security Notification Service. (See PPPS below.)
However, something positive is happening out there in the old clay homestead: updates have arrived for a machine on which I have Acrobat 8, though not for the machine next to it, which still runs 7 (I’ll have to look at that issue in a minute).
In case Adobe aren’t speaking to you either, here’s what it recommends:
PS: that Acrobat 7 issue… Updates were disabled on that machine because I wasn’t logged on as an administrator, and even when I did change logins, I had to download manually, only to find that 7.1.1 isn’t there yet. Let’s hope Adobe catch up with themselves sooner rather than later.
I can see the point of disabling updates for unprivileged users in the business world (the principle of least privilege!), in that many IT teams would be unhappy about end users installing updates they hadn’t tested in the corporate environment. But what about home/SOHO (Small Office/Home Office) users who don’t have an IT team and don’t normally run as administrator (which is an entirely sensible practice that we often advocate)? It might be civil at least to let them know that there’s a problem and an update to fix it, in case they don’t happen to read The Register or blogs by those nice people from ESET.
Author David Harley, We Live Security