Adobe to issue regular Reader and Acrobat patches

Adobe has suffered from a string of high-profile security incidents

Adobe is to ape the security practices of other technology companies by issuing regular patch updates to Adobe Reader and Acrobat.

Brad Arkin, director of product security and privacy at Adobe, said in a blog post that the updates would be delivered to users on a quarterly basis on the second Tuesday of the month, starting this summer.

Microsoft also delivers its security updates on the second Tuesday of the month, meaning that once a quarter IT teams will have a bundle of issues from both firms to resolve and fix.

Security-wise it has been a tough few months for Adobe. The firm issued a security alert at the end of April about a serious flaw in all flavours of its Reader software, affecting PC, Mac and Unix versions.

In March the firm released a second fix for vulnerabilities in Acrobat and Reader versions 7 and 8 for Mac OS X and Windows operating systems, while February saw a serious PDF problem.

In December last year white-listing firm Bit9 placed Acrobat (versions 8.1.2 and 8.1.1) second in a list of the most buggy applications currently available. Bit9 claimed to have found 31 vulnerabilities.

"We have talked publicly about Adobe's overall approach to software security, our incident response process, and our support for more security tools for Adobe technologies," said Arkin.

"Today's post shares some details about the software security activities underway with two of our best known and widely used products. What started out as a routine incident response expanded to a broader effort by Adobe Reader and Acrobat engineers, culminating in permanent changes to our software security approach for those products.

"Since February, Adobe Reader and Acrobat engineers have been executing a major project focused on software security."

From this summer Adobe promised to improve its ability to respond to issues, while doing as much as it can to shore up its update processes.

"Software security is a rapidly evolving field, and we are always on the lookout for ways to best adapt to the changing threat landscape. In developing this new approach to product security for Adobe Reader and Acrobat we have leveraged lessons learned by our friends and partners in the community," Arkin added.

All new code and features developed for the applications will be subject to much more scrutiny, while the firm will try to be much more agile when it comes to releasing key fixes, according to Arkin.

"We expect folks outside Adobe will see more timely communications regarding incidents, quicker turnaround times on patch releases, and simultaneous patches for more affected versions as we move forward," he said.