Main Area and Open Discussion > General Software Discussion

Dangerous Adobe Reader Vulnerability In the Wild

(1/4) > >>

mouser:
how many times is this going to happen with adobe before we start rebelling against this software?

Bad news for anyone that utilizes Adobe's Acrobat software, or Adobe reader to view PDF files. A critical vulnerability has been identified that can cause the applications to crash and allow an attacker to control the affected system. All versions from 7 forward on all operating systems are suspected to be at risk.

According to the announcement from Adobe, this isn't just a possibility, it's actually happening. Reports have already been made of the buffer overflow exploit being used in this type of attack. Adobe is also working with antivirus vendors to patch the holes, and patches to update the vulnerable apps are in the works. The bad news: patches aren't likely to be ready until March 11th, 2009.

--- End quote ---


http://www.adobe.com/support/security/advisories/apsa09-01.html





from http://www.downloadsquad.com/2009/02/20/adobe-warns-of-critical-vulnerability-in-reader-acrobat/

gexecuter:
I don't care because i use Foxit reader for my PDF viewing needs, works pretty well.

Josh:
Why are you going to rebel mouser? ALL software will eventually have a security hole. The fact of the matter is that people look down on the larger companies because their product is far more popular and more widely utilized. FoxIT is what I use as well, but again if it shared the popularity that adobe reader enjoys then I am sure it's security holes would be found out. As long as a company patches it's holes, I am fine and will not lose one iota of sleep over a security hole. Thus especially given that most of them really have little to no effect on much of the population, ala many of the windows security vulnerabilities. I am not saying be lax on testing and security, but get off the high horse of "Let's boycott this company because they have security issues".

Stoic Joker:
And on the other side of the coin...

(As a comparison) How many times has any systems been penetrated/crashed because of .txt file misuse?!?

PDF Stands for Portable Document Format, it supposed to be read & editable on any platform (Hence the portable part). That's all it was supposed to be, and it should have stayed that way. It was generally never a problem, until Adobe decided to try and make it all things to all people for all reasons. Which was stupid. It's turned into a multidimensional "display" vortex that will suck-up and run anything anyone cares to embed in it ... and it's the anything part that's biting us in the ass now.

You can not put that much potential in one application with out taking some responsibility for what might happen. It was only supposed to be a document reader ... now its turned into the elbbubmug that ate Chicago.

I'm all for boycotting Acrobat, and the nightmare that flash has turned into until they nail the damn things down (/shut) so they quit causing problems that never should have existed in the first place.

Hay nobody had a problem riding Microsoft's ass when Word or Excel had/caused/came up with holes ... why should Adobe get a free pass for making a huge mess.

app103:
I don't care because i use Foxit reader for my PDF viewing needs, works pretty well.
-gexecuter (February 20, 2009, 11:22 AM)
--- End quote ---

I use Foxit Reader too, but it could be just as easily prone to lots of Javascript exploits unless you turn that off in the preferences. If you don't see the option to turn it off, you are probably running an older version of Foxit and should upgrade.

Navigation

[0] Message Index

[#] Next page