
Adobe delivers flawed out-of-date Reader

on 21 July 2009


14 security holes

A security outfit has complained that Adobe is delivering an out-of-date version of Reader to users who download the popular application from its Web site.

Danish vulnerability tracking vendor Secunia said that the version the Adobe site offers includes at least 14 security vulnerabilities that have been patched by the company in the last two months. It noticed Adobe was offering an outdated Reader when users of its Personal Software Inspector (PSI) utility started complaining that the tool said they were running a vulnerable version, even though they had just downloaded the PDF viewer.

Mikkel Winther, the manager of the PSI partner program, said that users had downloaded the latest Reader, but PSI was still telling them that it was vulnerable. Secunia was worried that PSI was throwing off a "false positive," but that wasn't the case. The version now hosted on Adobe's Web site, said Winther, is Reader 9.1, an edition that was released March 10 to plug several holes, including one that had been actively exploited by hackers since at least January.

Adobe has issued two security updates since then. The first, released May 12, patched another "zero-day" bug in Reader, while the second, issued June 9, fixed at least 13 critical flaws reported by outside researchers and secretly patched an unspecified number of bugs found by Adobe's own security team.

Adobe has defended its antics, saying that it was normal. "Adobe Reader 9.1 for Windows is the most recent full installer of the product," said a company spokesman. "Adobe Reader 9.1.1 and 9.1.2 for Windows are patches that require Adobe Reader 9.1 to be present. This is the reason users are offered Adobe Reader 9.1 via the 'Get Adobe Reader' page on Adobe.com." (Even Microsoft offers instant-updates on its products before installing, for a while now. Ed.)
Last modified on 21 July 2009