Feeds

back to article Unpatched PDF flaw harnessed to launch targeted attacks

Adobe is investigating reports of unpatched flaws in its Reader and Acrobat software packages. Zero-day bugs in Adobe Reader and Acrobat have reportedly been exploited by hackers to attack vulnerable systems, in a series of limited (presumably) targeted attacks since 11 December. Adobe Reader and Acrobat 9.2 or below are …

COMMENTS

This topic is closed for new posts.
Silver badge
Happy

Won't affect me

I am still using kpdf ....

0
0
FAIL

One more loop in the noose around JS's neck

JS needs to be reined in. Usability aside, almost every drive-by attack against modern browsers is the result of JS executing a third-party app / viewer. I might drop NoScript and just start browsing with JS disabled permenantly.

If only I could get 3D graphics working on Ubuntu on my rig...

0
0
Linux

3d gfx?

Right now, the only manufacturer with decent 3d drivers for linux is NVidia. You should be golden with an NV card in there. If you're one of those poor unfortunates with a Radeon, you'll discover that their Linux drives are infinitely worse than their WIndows drivers, and you're best not bothering.

0
1

Re: 3d gfx?

Ha. I'm one of the many lucky owners of Radeon cards with good open-source support… anyway, what's this Abode Addlebat thing? Is it anything like xpdf?

0
0
Happy

Adobe Actrobat is sh***e

Adobe Acrobat is and always has been an appaling bad piece of software. Name your parameter - it's awful!

If you've not done so already, try giving Foxit pdf reader a spin - it's free, a 6th the size and ..hey ...it works!

1
0
Anonymous Coward

Foxit better, but not necessarily securer.

It runs JS just like acrobat does, and there's been at least one pdfsploit that could work 'cross-platform' in both adobe and foxit.

However it's such a nicer bit of software to use that switching is a good idea for sure.

0
0
Anonymous Coward

arr

Well, it's smaller, faster and less intrusive- and doesn't install various dodgy "downloader" things on your machine (Adobe leave some with remote root holes lying about, btw- esp ActiveX ones).

I am sure it also has issues, but used wisely and kept up to date, it might be a good idea.

Also, WIndows users should consider Secunia PSI, which is free for personal use, and does a sterling job of nagging you into keeping your software up to date, when patches do actually arrive.

0
0
Unhappy

Seen it...possibly

Think I came across it last night (and no, I wasn't surfing for pron) - put in a google search and clicked on of the links which tried to open a pdf. Reader then crashed trying to open said pdf.

Immediately ran a virus scan, but nothing was detected.

(This was with Firefox, not IE)

0
0
Bronze badge
Stop

Bollocks

"The popularity of Adobe software has made it a favoured target for hacking attacks over recent months"

Bullshit, Adobe software is a favoured target for hackers because it's both crammed full of bugs and suffers from Adobe's retarded focus on bloating with daft insecure features.

Reminiscent of MS in the 90's, and the reasons are the same: EEE

0
0
Silver badge

Foxit

Why are people still using slow, bloated Adobe?

0
0
Badgers

Sumatra - basic but secure (I hope!)

Foxit was certainly a big improvement over Adobe Reader, but the free version has been getting less and less usable and I can't justify paying for a pdf reader...

Sumatra pdf does the job just fine for me - I hope it's more secure as it's offers very basic functionality.

0
0
Happy

Acrobat 5 doesn't have JavaScript

I knew there was a reason why I refused all the more recent updates!

0
0

Yep

Foxit for me too. I was going to suggest it when I started reading but quickly saw that every man and his dog had beaten me to it.

0
0
Bronze badge

What's difficult about patching Adobe Reader etc?

Surely you just download the new Adobe Reader complete and install it. Doesn't that work?

As for FoxIt: yeah, it's probably popular enough itself to attract hackers - particularly if it has JavaScript itself, or an equivalent. Do you think that the little guys' products are more bullet-proof intrinsically than the big beasts? Check the version history of, say, Opera. One security update after another.

0
0
Thumb Up

@ Gobot - Sumatra pdf

Thanks for the pointer, checking it out.

0
0
This topic is closed for new posts.