Top Menu

Adobe’s New Silent Updater

Given the increase in the attacks on Adobe’s software, such as their Flash Player, Acrobat and Reader, the software giant now plans to implement yet another automatic updater. This time, the updates will be done as silent security patches that do not need user intervention.

The new release

The new release is more of a response to the slew of attacks on Adobe software. It is still on beta stage, and tests focus on the silent patching feature of the updates. While silent patches are seen as more effective, there is still the need to see how this schema will work on Adobe software. Since the updaters run in the background, the company still needs to see how these can be effectively implemented among the millions of Adobe users.

Brad Arkin, security chief for Adobe, states that the updaters have configuration features for users, even with the silent patching mode. He says, “They can download and then give them the choice to install it, or it can just notify – or you can turn it off completely. And so, by giving users these options, you know, people who have a well managed environment and they’ve got good reason for why they don’t want to install an update.”

Why silent updaters

According to studies, silent updaters are the best way to install security patches and other important update files. Since these do not require any action from the user, it ensures that the software is always current, with necessary security files installed. Constant patches have become necessities, especially for Adobe software. Malicious attacks are launched every so often. With silent updaters, however, users need not keep up to date on technology news. Their installd software will be updated, regardless.

JavaScript support is here to stay

Much of the attacks on the Adobe software are done through malicious JavaScript APIs. However, the software company is far from veering away from this API type, especially since they deem it impossible to not have JavaScript support for their software, such as the PDF Reader.

Security bugs have been consistently found in Adobe Reader and Adobe Acrobat. Unfortunately, the security officers at the company usually have only a short amount of time to respond to all these bugs and issue required patches to address the problem. Hence, they’ve come up with the JavaScript blacklist, which blacklists any new malicious JavaScript APIs found. With this blacklist, a user trying to access the blacklisted API will experience “denied calls,” which will then lead to a software crash. This then necessitates the reboot of the software.

In this scenario, the silent updater is really the better way to deal with Adobe software attacks. Disabling JavaScript APIs will only result in more problems. With automatic updates, however, particularly of the JavaScript blacklist, users can use their Adobe software without disruption.

, , ,