Nitro Blog

August Patch Tuesday: Adobe’s PDF Tools in the Hot Seat


This month’s Patch Tuesday finds Adobe™ issuing 69 patches for Acrobat® and Reader, a stunning 43 of which are rated “critical” to fix.

This month’s Patch Tuesday finds Adobe™ issuing 69 patches for Acrobat® and Reader, a stunning 43 of which are rated “critical” to fix.

The vulnerabilities put organizations at risk of both remote code execution and information disclosure. In other words, unpatched Acrobat and Reader software could leave a business’ PDF documents susceptible to hijacking by attackers.

According to the PDF Association, 2.5 trillion (with a T!) PDF documents are created each year. Everything from client banking information and merger and acquisition plans, to proprietary designs and other critical IP, is saved and stored in PDF format. This is business-critical data that could, if exposed, mean real trouble for a victimized organization.

Patch while you can

Though Adobe releases so many patches so often, it’s important to take each threat seriously.

“…[It’s] probably safer to put the Acrobat/Reader update into your Priority 1 bucket this month to be on the safe side,” security writer Chris Goettl said of the August Patch Tuesday report on the Ivanti blog.


However, for organizations running Acrobat XI and Reader XI, there soon won’t even be patches available to implement.

Come October 15th, 2017, Adobe will be sunsetting version XI of its PDF software, meaning it will no longer be supported by the company. No updates, no bug fixes, no security patches will be released, meaning organizations still using Acrobat XI or Reader XI will be left with a big decision to make.

For businesses thinking they’ll ride it out with version XI, here’s some food for thought:

Adobe has released no less than 143 security fixes—most of which were labeled “critical”—since the beginning of the year. With today being the 228th day of 2017, that translates to one new vulnerability every-other day since January 1st. And once October 15th hits, Acrobat XI users will have no way to combat them.

What’s next?

For organizations committed to information security, the only option is to migrate away from version XI of Acrobat and Reader. The catch? There is no version XII—only Document Cloud, which includes a significant change in UI that organizations will need to address with their users.

Most complaints have been about this redesigned interface, which buries many key tools beneath menus for the sake of a sleek look. User frustration is understandable, as some functions that could once practically be completed with eyes closed now take additional training, and oftentimes more clicks to boot.

So what’s an Acrobat XI user to do?

The smarter way to PDF

Rich functionality, top-notch security, and unmatched customer success programs make Nitro the best option for organizations needing to migrate away from Acrobat XI.

With the help of Nitro’s change management experts, Continental, a Fortune 500 company and customer since 2010, successfully switched 12,000 users from Acrobat to Nitro.

Visit our Customer Success page to hear from more businesses who’ve chosen Nitro as their document productivity partner.

What are your concerns about Adobe’s security patches?

Will the Acrobat XI sunset affect you? We hope you don’t wait until October 15th to find out.