Skip to content
Naked Security Naked Security

Adobe Acrobat and Reader 2015 reach end of support

If you've been happily using Adobe Reader 2015 software for the last few years, you're in for a rude awakening.

If you’ve been happily using Adobe Reader 2015 software for the last few years, you’re in for a rude awakening. The software vendor is ending support for these versions of its PDF-perusing product.

Adobe is bringing its support for two related products to an end: its free Acrobat Reader 2015 software, which enables people to open PDF documents without paying anything and perform basic edits, and the commercial Acrobat 2015 software that lets people create, convert, and add security and extra interactivity to their PDFs.

Adobe released both of these products in 2015, with Acrobat DC and Acrobat Reader DC. DC stands for Document Cloud, which is Adobe’s central cloud-based hub for managing documents.

The company’s Support Lifecycle Policy only provides five years of support from the date that its products become generally available. Adobe is pulling support on the products’ fifth anniversary, 7 April 2020.

At that point, customers won’t get technical support for their products, meaning that if you phone Adobe with a problem, its operatives won’t deal with it. More importantly, this end of support means that you won’t get any more security patches for the products either.

A lack of new security updates is a big deal, because vulnerabilities affecting later versions of its software often affect 2015 editions too. For example, it published a security advisory in October featuring seven ‘critical’ vulnerabilities and a further three ‘important’ ones, all of which affected the 2015 versions of Acrobat and Acrobat Reader.

What to do?

If you’re a 2015-edition user, you have two options.

You can trundle along with your existing software but run the risk of new vulnerabilities emerging for the product, rendering you vulnerable.

Or you can upgrade to the latest edition of Acrobat DC and Acrobat Reader DC.

You also have two options when you upgrade. You can stick with the purchasing track that affects the 2015 releases, which is the Classic track licence. This gives you software products updated on a regular quarterly cadence with minimal extra features. That contrasts with Adobe’s Continuous track, which provides regular, more frequent and often silent updates with more features.

This subscription-based option is definitely the one that Adobe wants you to follow. From its knowledgebase article:

Subscription plans are the best way to take advantage of everything Acrobat DC has to offer. New annual and month-to-month subscription plans make Acrobat DC more affordable than ever, while also giving you access to premium Adobe Document Cloud services.

If you don’t buy the subscription option then you won’t get access to Document Cloud-based services like the Adobe Sign e-signature service.

7 Comments

“products updated on a regular quarterly cadence” – Does that delivery pattern apply to security patches? Historically, Adobe’s PDF viewers seem to have been a leading source of exploitable / exploited vulnerabilities on PCs (possibly rivalling Windows itself – quite an achievement, in light of the relatively limited functionality). So, holding a patch until the end of a quarter sounds egregiously irresponsible.

The security patches are not held. Only feature changes / updates are held rather than including new / improved features monthly.

Is there NO reasonable facsimile for Adobe ?? What else (reliable) is out there for free ??

Firefox has a PDF viewer (written in JavaScript) built right in; I tend to use that while online because it is quick and stripped down, although copy-and-paste of text often leaves you with a sea of individual characters rather than distinct words, presumably because of how the PDF-to-HTML rendering is done.

On a Mac, you also have the built-in Preview app that can not only view PDFs but also perform (limited) editing of PDFs, including adding/deleting pages and basic form-filling.

A few PDFs I’ve had to deal with – maybe one or two a year lately – specifically require an Adobe PDF product; if you open them without Adobe you just see a message to that effect. I typically install an Adobe reader as needed. Once the need passes it’s easy enough to remove…

My 2c.

Not exactly on topic, but related: what are your opinions on the security value of disabling Adobe Reader’s options for running JavaScript and the Trust Managers option of opening non-PDF attachments with external programs? I had heard that it was best to unset those options since those two points tended to be vectors for malicious PDF documents to perform their attacks. Thanks.

Why not turn both of them off unless (or perhaps until) you know you need them? I can’t recall the last time I needed to extract and open an attachment from a PDF, directly or indirectly -or if, indeed, I ever have. Less, as they say, is more….

Comments are closed.

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?