Adobe recently issued its first round of scheduled quarterly
security updates for its pervasive Reader and Acrobat applications
in an effort to better secure the tools.
Adobe and Microsoft compared notes and found their customers
wanted the vendors' patch cycles to coincide, says Brad Arkin,
director of product security and privacy for Adobe, which recently
patched 13 critical vulnerabilities in Windows and Macintosh
versions of Acrobat and Reader.
For its part, Microsoft issued 10 bulletins to patch a total of 31
vulnerabilities (its most ever on a Patch Tuesday), including bugs
in Internet Explorer, Word, and Excel.
Adobe has been under the gun to ratchet up security in its
Reader and Acrobat apps, which have become a favorite among
researchers and attackers, with two major zero-day
vulnerabilities exposed in Reader so far this year. Its PDF apps are
some of the most targeted third-party apps in Windows, accounting for
nearly half of all targeted attacks on applications, according to data
from F-Secure.
Adobe in February began instituting a new security strategy,
including adding its legacy code to its secure code development
program (new code already fell under the program), as well as
expediting its incident response and patch turnarounds. The
quarterly patch process is the third piece of the strategy. The
company plans to continue issuing out-of-band fixes as needed,
too.