
Ask HN: Are Adobe Acrobat updates a security hole? - batguano
tl; dr: It seems like it&#x27;d be easy to spoof a &quot;software update&quot; dialog, and thereby install arbitrary malicious code.<p>The reason I ask: 
Very often, a dialog appears that says something like, &quot;There is a security update to Adobe Acrobat...Do you want to install?&quot; And if I say yes, the next dialog prompts me for my password (I&#x27;m on a Mac, FWIW.) and if I give it the password, it moves forward and installs the new software.<p>(The frequency of the updates also seems suspicious; I understand that pdfs are a prime vector for malware, though I don&#x27;t understand why.)<p>Anyway, my main question is: How do I know that this is legit? Since I always have a browser open, it seems credible that someone could craft a pop-up window to mimic the Adobe Updater dialog. (I have a pop-up blocker, but imagine that it would be possible to get past that.)<p>Am I right to be concerned about this? And if so, what to do?<p>Forgive me if this is I naive question; I&#x27;m no expert about security matters.
======
batguano
Microsoft products also seem to request frequent updates. But I've only
noticed those happening when I launch one of their applications, which makes
it seem marginally less threatening to me.

------
qbrass
If you're worried about it, close the dialog, then fetch the newest version
manually.

