Author |
Message |
big_D
What's a life?
Joined: Thu Apr 23, 2009 8:25 pm Posts: 10691 Location: Bramsche
|
http://www.pcpro.co.uk/news/security/36 ... o-day-flawZero day remote execution flaw in Adobe Acrobat and Reader 9.3.4 and earlier (the latest version available for download IS 9.3.4) on Windows and OS X. Opening a malformed PDF document can allow the attacker full control of the affected system.
_________________ "Do you know what this is? Hmm? No, I can see you do not. You have that vacant look in your eyes, which says hold my head to your ear, you will hear the sea!" - Londo Molari
Executive Producer No Agenda Show 246
|
Thu Sep 09, 2010 9:41 am |
|
 |
Linux_User
I haven't seen my friends in so long
Joined: Tue May 05, 2009 3:29 pm Posts: 7173
|
.PDF files are not generally ones where I generally think "Be careful, it could be malicious". Perhaps I ought to re-think that policy  . I'm also wary of the fact that this will apparently affect a PC with UAC set to the highest setting. 
|
Thu Sep 09, 2010 9:47 am |
|
 |
jonbwfc
What's a life?
Joined: Thu Apr 23, 2009 7:26 pm Posts: 17040
|
Simplest solution is not to use Adobe reader to look at PDFs. IIRC, a lot of the other readers (FoxIt, SumatraPDF, Preview on Mac OS) don't suffer from the same security bugs. Adobe. They really can't program for toffee, it has to be said.
|
Thu Sep 09, 2010 10:42 am |
|
 |
big_D
What's a life?
Joined: Thu Apr 23, 2009 8:25 pm Posts: 10691 Location: Bramsche
|
Foxit has suffered from most of the recent security flaws in PDF, because they were in the actual design of the specification that the flaws were, not in the code used to implement it... 
_________________ "Do you know what this is? Hmm? No, I can see you do not. You have that vacant look in your eyes, which says hold my head to your ear, you will hear the sea!" - Londo Molari
Executive Producer No Agenda Show 246
|
Thu Sep 09, 2010 11:05 am |
|
 |
Amnesia10
Legend
Joined: Fri Apr 24, 2009 2:02 am Posts: 29240 Location: Guantanamo Bay (thanks bobbdobbs)
|
With a mac I cannot remember when I last used Adobe reader. I keep updating it but use the inbuilt Preview almost all the time.
_________________Do concentrate, 007... "You are gifted. Mine is bordering on seven seconds." https://www.dropbox.com/referrals/NTg5MzczNTkhttp://astore.amazon.co.uk/wwwx404couk-21
|
Thu Sep 09, 2010 11:16 am |
|
 |
HeatherKay
Moderator
Joined: Thu Apr 23, 2009 6:13 pm Posts: 7262 Location: Here, but not all there.
|
Adobe's labyrinthine updating process seriously annoyed me. Who creates an installer that has to download a package, unpack it, run it to then download the proper installer? Who then builds an installer that coughs up two dialog boxes, but the one you have to dismiss first is UNDER the top one? After umpteen attempts to update Acrobat Pro, I deleted the entire package completely. I've not looked back. No more annoying nagging about another tweak or bug fix, no more crashing and memory hogging. Once we rid the world of Flash as well, I will be happy. 
_________________My Flickr | Snaptophobic BloggageHeather Kay: modelling details that matter. "Let my windows be open to receive new ideas but let me also be strong enough not to be blown away by them." - Mahatma Gandhi.
|
Thu Sep 09, 2010 11:23 am |
|
 |
forquare1
I haven't seen my friends in so long
Joined: Thu Apr 23, 2009 6:36 pm Posts: 5161 Location: /dev/tty0
|
So is this with or without the new Adobe Reader sandboxing stuff that Adobe was talking about the other month?
|
Thu Sep 09, 2010 11:28 am |
|
 |
big_D
What's a life?
Joined: Thu Apr 23, 2009 8:25 pm Posts: 10691 Location: Bramsche
|
Without, sandboxing is due in the next release of Reader. That won't help Acrobat users though.
_________________ "Do you know what this is? Hmm? No, I can see you do not. You have that vacant look in your eyes, which says hold my head to your ear, you will hear the sea!" - Londo Molari
Executive Producer No Agenda Show 246
|
Thu Sep 09, 2010 11:45 am |
|
 |
rustybucket
I haven't seen my friends in so long
Joined: Thu Jun 18, 2009 5:10 pm Posts: 5836
|
_________________Jim
|
Thu Sep 09, 2010 11:53 am |
|
 |
Amnesia10
Legend
Joined: Fri Apr 24, 2009 2:02 am Posts: 29240 Location: Guantanamo Bay (thanks bobbdobbs)
|
So do mac users even need Adobe reader on their system at all? They can be read with preview. Thanks in advance.
_________________Do concentrate, 007... "You are gifted. Mine is bordering on seven seconds." https://www.dropbox.com/referrals/NTg5MzczNTkhttp://astore.amazon.co.uk/wwwx404couk-21
|
Thu Sep 09, 2010 12:00 pm |
|
 |
HeatherKay
Moderator
Joined: Thu Apr 23, 2009 6:13 pm Posts: 7262 Location: Here, but not all there.
|
Preview is quite good, but there are occasional PDFs that won't display properly for whatever reason. I have yet to come across one since disposing of Acrobat, but when I do I may consider downloading Reader.
_________________My Flickr | Snaptophobic BloggageHeather Kay: modelling details that matter. "Let my windows be open to receive new ideas but let me also be strong enough not to be blown away by them." - Mahatma Gandhi.
|
Thu Sep 09, 2010 12:23 pm |
|
 |
big_D
What's a life?
Joined: Thu Apr 23, 2009 8:25 pm Posts: 10691 Location: Bramsche
|
Preview was vulnerable to 2 PDF exploits this year. 
_________________ "Do you know what this is? Hmm? No, I can see you do not. You have that vacant look in your eyes, which says hold my head to your ear, you will hear the sea!" - Londo Molari
Executive Producer No Agenda Show 246
|
Thu Sep 09, 2010 12:31 pm |
|
 |
big_D
What's a life?
Joined: Thu Apr 23, 2009 8:25 pm Posts: 10691 Location: Bramsche
|
It doesn't support all features of the PDF standard, which is also why it isn't as vulnerable as some of the other readers. I believe, it doesn't support form filling and saving, for example, or embedded Flash, for example. The latter is a very questionable feature!
_________________ "Do you know what this is? Hmm? No, I can see you do not. You have that vacant look in your eyes, which says hold my head to your ear, you will hear the sea!" - Londo Molari
Executive Producer No Agenda Show 246
|
Thu Sep 09, 2010 12:33 pm |
|
 |
Amnesia10
Legend
Joined: Fri Apr 24, 2009 2:02 am Posts: 29240 Location: Guantanamo Bay (thanks bobbdobbs)
|
I do not need those so I might as well remove it. Even with the two exploits you mentioned in preview, which I think Apple have patched already.
_________________Do concentrate, 007... "You are gifted. Mine is bordering on seven seconds." https://www.dropbox.com/referrals/NTg5MzczNTkhttp://astore.amazon.co.uk/wwwx404couk-21
|
Thu Sep 09, 2010 2:15 pm |
|
 |
robin
Has a life
Joined: Wed Apr 29, 2009 3:03 pm Posts: 88 Location: * out of my tree *
|
Out of interest Heather, what do you use for checking PDFx/1a compliance (or whatever standard your printers specify) etc, or for fixing non compliant print pdfs instead of Acrobat Pro? I've only recently upgraded to CS3 and seriously dislike Acrobat/Distiller 8 compared to 7 but am soldiering on in the interests of being a bit less hopelessly out of date... Just beginning to prefer INDD to QX so all is not lost 
|
Thu Sep 09, 2010 3:44 pm |
|
|