Increased frequency of requests to update Adobe software can be attributed to a rise in exploited vulnerabilities Gripe Line reader Scott recently sent out a challenge to find out what’s going on with all those pesky Adobe Reader updates.“The frequency of these updates is getting quite ridiculous,” he laments. “This is worse than Microsoft ever was before they started their monthly updates. Can someone please find out why they are sending out so many updates lately?”[ For a look at where tech support is going, read Christina Tynan-Wood’s “The (better) future of tech support.” | Frustrated by tech support? Get answers in InfoWorld’s Gripe Line newsletter. ] Gripe Line reader Ken weighed in on the Adobe update issue via email in response to Scott’s call.“There have been a number of Adobe Reader updates lately either because of security vulnerabilities within Reader or some of the products it leverages,” Ken says. “I’ve seen a similar uptick in updates for Flash and other products, as well.”True, says Adobe spokesperson Wiebke Lips: “The updates you are seeing for Adobe Reader and Acrobat are security updates. Given the relative ubiquity and cross-platform reach of many of our products, in particular our clients (Adobe Reader and Adobe Flash Player included), we have seen increased attention from attackers.” The company introduced a regular patch cycle (to align with Microsoft’s Patch Tuesday) for Reader and Acrobat in 2009 so that customers — especially those in managed environments — could schedule their software update deployment. “So generally, a security update for Adobe Reader and Acrobat comes out every three months,” Lips says.But occasionally the company feels the need to do out-of-cycle releases. “These are only scheduled in urgent situations,” says Lips, such as for zero-days — vulnerabilities that are being exploited before a vendor fix is available.“Each time we run into an urgent situation, we carefully evaluate all factors to determining a patch schedule and come up with the best possible solution. We want to provide a fix for customers as fast as possible to minimize the window of exposure. But we also need to consider the cost to the customer of patch deployment in managed environments,” Lips states. Scott isn’t imagining the increase in updates for Adobe Reader. Since the beginning of the year, there have been three quarterly updates in January, April, and June; this last one was accelerated to address a zero-day issue. There have also been two out-of-cycle updates, the latest on Aug. 19. The tally: five updates over the past eight months. The next update is scheduled for Oct. 12.Lips wants to strongly emphasize that these patches are not arbitrary and you shouldn’t ignore them — no matter how annoying it may seem to deal with another one when all you want to do is get on with your day.“The majority of attacks we are seeing today are exploiting software installations that are not up-to-date on the latest security updates,” she says. Got gripes? Send them to christina_tynan-wood@infoworld.com.This story, “Zero-day exploits spur uptick in Adobe updates,” was originally published at InfoWorld.com. Read more of Christina Tynan-Wood’s Gripe Line blog at InfoWorld.com. Patch Management Software