.PDF files are not generally ones where I generally think "Be careful, it could be malicious". Perhaps I ought to re-think that policy
.I'm also wary of the fact that this will apparently affect a PC with UAC set to the highest setting.
| x404.co.uk http://www.x404.co.uk/forum/ |
|
| Adobe Zero Day, again... http://www.x404.co.uk/forum/viewtopic.php?f=19&t=10467 |
Page 1 of 2 |
| Author: | big_D [ Thu Sep 09, 2010 9:41 am ] |
| Post subject: | Adobe Zero Day, again... |
http://www.pcpro.co.uk/news/security/36 ... o-day-flaw Zero day remote execution flaw in Adobe Acrobat and Reader 9.3.4 and earlier (the latest version available for download IS 9.3.4) on Windows and OS X. Opening a malformed PDF document can allow the attacker full control of the affected system. |
|
| Author: | Linux_User [ Thu Sep 09, 2010 9:47 am ] |
| Post subject: | Re: Adobe Zero Day, again... |
.PDF files are not generally ones where I generally think "Be careful, it could be malicious". Perhaps I ought to re-think that policy .I'm also wary of the fact that this will apparently affect a PC with UAC set to the highest setting.
|
|
| Author: | jonbwfc [ Thu Sep 09, 2010 10:42 am ] | |||||||||
| Post subject: | Re: Adobe Zero Day, again... | |||||||||
Simplest solution is not to use Adobe reader to look at PDFs. IIRC, a lot of the other readers (FoxIt, SumatraPDF, Preview on Mac OS) don't suffer from the same security bugs. Adobe. They really can't program for toffee, it has to be said. |
||||||||||
| Author: | big_D [ Thu Sep 09, 2010 11:05 am ] |
| Post subject: | Re: Adobe Zero Day, again... |
Foxit has suffered from most of the recent security flaws in PDF, because they were in the actual design of the specification that the flaws were, not in the code used to implement it...
|
|
| Author: | Amnesia10 [ Thu Sep 09, 2010 11:16 am ] |
| Post subject: | Re: Adobe Zero Day, again... |
With a mac I cannot remember when I last used Adobe reader. I keep updating it but use the inbuilt Preview almost all the time. |
|
| Author: | HeatherKay [ Thu Sep 09, 2010 11:23 am ] |
| Post subject: | Re: Adobe Zero Day, again... |
Adobe's labyrinthine updating process seriously annoyed me. Who creates an installer that has to download a package, unpack it, run it to then download the proper installer? Who then builds an installer that coughs up two dialog boxes, but the one you have to dismiss first is UNDER the top one?  After umpteen attempts to update Acrobat Pro, I deleted the entire package completely. I've not looked back. No more annoying nagging about another tweak or bug fix, no more crashing and memory hogging. Once we rid the world of Flash as well, I will be happy. 
|
|
| Author: | forquare1 [ Thu Sep 09, 2010 11:28 am ] |
| Post subject: | Re: Adobe Zero Day, again... |
So is this with or without the new Adobe Reader sandboxing stuff that Adobe was talking about the other month? |
|
| Author: | big_D [ Thu Sep 09, 2010 11:45 am ] |
| Post subject: | Re: Adobe Zero Day, again... |
Without, sandboxing is due in the next release of Reader. That won't help Acrobat users though. |
|
| Author: | rustybucket [ Thu Sep 09, 2010 11:53 am ] | |||||||||
| Post subject: | Re: Adobe Zero Day, again... | |||||||||
Well said. Okular ftw! |
||||||||||
| Author: | Amnesia10 [ Thu Sep 09, 2010 12:00 pm ] | |||||||||
| Post subject: | Re: Adobe Zero Day, again... | |||||||||
So do mac users even need Adobe reader on their system at all? They can be read with preview. Thanks in advance. |
||||||||||
| Author: | HeatherKay [ Thu Sep 09, 2010 12:23 pm ] | |||||||||
| Post subject: | Re: Adobe Zero Day, again... | |||||||||
Preview is quite good, but there are occasional PDFs that won't display properly for whatever reason. I have yet to come across one since disposing of Acrobat, but when I do I may consider downloading Reader. |
||||||||||
| Author: | big_D [ Thu Sep 09, 2010 12:31 pm ] | |||||||||
| Post subject: | Re: Adobe Zero Day, again... | |||||||||
Preview was vulnerable to 2 PDF exploits this year.
|
||||||||||
| Author: | big_D [ Thu Sep 09, 2010 12:33 pm ] | ||||||||||||||||||
| Post subject: | Re: Adobe Zero Day, again... | ||||||||||||||||||
It doesn't support all features of the PDF standard, which is also why it isn't as vulnerable as some of the other readers. I believe, it doesn't support form filling and saving, for example, or embedded Flash, for example. The latter is a very questionable feature! |
|||||||||||||||||||
| Author: | Amnesia10 [ Thu Sep 09, 2010 2:15 pm ] | |||||||||||||||||||||||||||
| Post subject: | Re: Adobe Zero Day, again... | |||||||||||||||||||||||||||
I do not need those so I might as well remove it. Even with the two exploits you mentioned in preview, which I think Apple have patched already. |
||||||||||||||||||||||||||||
| Author: | robin [ Thu Sep 09, 2010 3:44 pm ] | |||||||||
| Post subject: | Re: Adobe Zero Day, again... | |||||||||
Out of interest Heather, what do you use for checking PDFx/1a compliance (or whatever standard your printers specify) etc, or for fixing non compliant print pdfs instead of Acrobat Pro? I've only recently upgraded to CS3 and seriously dislike Acrobat/Distiller 8 compared to 7 but am soldiering on in the interests of being a bit less hopelessly out of date... Just beginning to prefer INDD to QX so all is not lost
|
||||||||||
| Page 1 of 2 | All times are UTC |
| Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |
|
