Film review site hacked to spew malicious PDFs
Hackers on Thursday exploited a vulnerability on Ain't It Cool News that redirected anyone visiting the movie review site to a server containing a malicious Adobe Reader file. The attack targeted a vulnerable PHP script on one of AICN's servers that automatically appended the malicious link to banner ads served on the site, its …
only that is affected by this, is something like Foxit Reader also affected? Or any PDF reader?
I guess that's a moot point really seeing as it's flaws in Adobe's reader that are being specifically targeted.
Scrub this, it's just a muse.
Since I don't (and does anyone I know) use that craptastic, heavy piece of bloatware that is Adobe PDF reader I'm not to concerned.
Foxit reader all the way.
Foxit is definitely getting worse though. Slower, more bloated, and I find these days that some PDFs don't display properly in it. Some PDFs seem to need Adobe Reader...
the only effect I saw of this was the absence of any content on AICN
Yes, adobe's lamentably buggy and insecure pdf reader is a horrendous piece of bloatware and with every bit of useless bloat comes more bugs
Solution? stop adding features we didn't want or ask for. And fix your code.
Loads quick and as far as I know doesn't have an exploit yet.
Hey, Bitdefender ftw, and, surprisingly, Microsoft, being 2 that found it. However, like the others, Foxit user here (also slowly going off it). As for users running outdated versions, blame Adobe, unlike other software which checks online when the program starts for updates then tells you, it doesn't seem to - maybe it would if the utility in startup was allowed to run in the background, but it was always the first thing I disabled.
After 20 odd years Microsoft have finally sussed that what their customers want is fast secure systems, let's hope it doesn't take Adobe that long.
Another slapdash bit of writing from this hack
"to a server containing a malicious Adobe Reader file"
I have no idea what one of those is - perhaps you mean a 'PDF' file (now an open standard since Adobe released it to the ISO)
...probably because I have AdBlock
Sign up, sign up for The Register's weekly IT security newsletter - click here
