Unofficial fix brings temporary relief for critical Adobe vuln

Security researchers have released what they say is an unofficial fix for the critical Adobe Reader vulnerability that's being actively exploited to install malware on machines running Microsoft Windows. The download replaces a buggy strcat call in a font-rendering DLL module with a more secure function, according to this …
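
The kind of change the summary describes, an unbounded strcat swapped for a length-checked append, sketched as an added example. It is not Adobe's code or the researchers' patch; `bounded_cat` and the buffer contents are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: append src to the NUL-terminated string in dst,
 * which has dstsize bytes of storage. Returns 0 on success, -1 if the
 * result would not fit or dst is not terminated inside its buffer.
 * On failure dst is left unchanged, so nothing is silently truncated. */
int bounded_cat(char *dst, size_t dstsize, const char *src)
{
    if (dst == NULL || src == NULL || dstsize == 0)
        return -1;

    /* Find the terminator without reading past the end of the buffer. */
    const char *end = memchr(dst, '\0', dstsize);
    if (end == NULL)
        return -1;

    size_t used = (size_t)(end - dst);
    size_t need = strlen(src);

    /* used < dstsize here, so this subtraction cannot wrap around.
     * One byte stays reserved for the terminator. */
    if (need > dstsize - used - 1)
        return -1;

    memcpy(dst + used, src, need + 1);
    return 0;
}

int main(void)
{
    /* Constructed input: a fixed 16-byte buffer and two candidate suffixes.
     * strcat(name, "-BoldItalic") would write 22 bytes into 16. */
    char name[16] = "font:Arial";

    printf("short suffix: %d\n", bounded_cat(name, sizeof name, "-Bold"));
    printf("long suffix:  %d\n", bounded_cat(name, sizeof name, "-BoldItalic"));
    printf("buffer now:   %s\n", name);
    return 0;
}
```
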

COMMENTS

This topic is closed for new posts.

Read your acrobat docs on a linux machine

this is particularly easy on Ubuntu desktop 8.04.

linux provides several "readers" that require no thought to use or install

just use the default.


Evince Also Works On Windows

just download it.


Never a truer word spoken

> It's also worth pointing out that the vast majority of Reader users could protect themselves by using an alternative PDF viewer that isn't as widely targeted.

Foxit, Evince, and many more.

All aboard the Skylark!!!


Is Acrobat 5.1 vulnerable?

I still use it, because it can still read all the documents I need to read, but comes without all the new-fangled bloatware and all the man-years of vulnerabilities associated with the bloatware. I did try Foxit but me and it didn't get on, so it just seemed simpler to go back to Acrobat 5.1.


Adobe looks really ridiculous

I mean, Adobe Reader isn't doing anything truly complicated, it isn't an operating system, it doesn't even author .PDFs.

But even with such a relatively simple product, Adobe is having problem after problem and is extremely slow with fixes.


Relatively simple?

Have you *seen* the mountains of cruft that pos installs on a machine? Granted, very little of it has anything to do with reading PDFs - but it's still there, hogging resources, painting big bullseyes on your bank-account details.


because Adobe follows industry worst practices

Adobe was a pioneer of offloading their code development to India to the lowest bidder. Surprise surprise code monkey hacks produce spaghetti code that is full of bugs that take forever to find and patch correctly. Now their software is the worst in the industry and the only mystery is why the hell is it on so many boxes. Always one of the first steps to securing a computer is to check and recheck that no Adobe software is installed. If it is, no matter what you do the box can't be locked down.


Adobe Reader

Three weeks for a simple fix to critical, currently exploited patch seems like taking the piss.

But maybe Adobe have worked out that this type of problem doesn't actually affect their core business or their revenues.

After all it is not going to affect Adobe Acrobat Writer sales. The reader is just a loss leader, Adobe aren't actually going to make any money out of fixing it.


List Of Adobe Reader Fixes For Windows

Evince:

http://download.gnome.org/binaries/win32/evince/2.30/evince-2.30.3.msi

(strongly suggested)

xpdf:

ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4-win32.zip

Google Chrome dev version:

http://www.google.com/chrome/eula.html?extra=devchannel

GSView:

http://mirror.cs.wisc.edu/pub/mirrors/ghost/ghostgum/gsv49w32.exe


Warehouse of Bad Code

"Adobe was a pioneer of offloading their code development to India to the lowest bidder."

Ok, then tell me what do they keep in that large building down the street from the Caltran in San Jose?


Another victory for Pointless Document Format

It's a computer not a filing cabinet - get paper shaped shit in the recycling bin where it belongs.


Sumatra PDF Reader

Open source, free, no install required, no iffy browser toolbar options, portable. It just works.


Brick?

Rather weird claim in the article.

Testing the patch / update is a thoroughly good idea, and apparently something they've not done before given the quality of output we get from Adobe. However, testing it to make sure it doesn't brick any Win installations?!

It takes some pretty impressive coding to brick an OS from ring-3 these days.

And who the hell uses strcat and its ilk outside of homebrew kludge-ware intended for personal use only?! When did Aleph1 explain buffer overflows in extremely simple terms? 10 years ago? Pretty sure he advocated keeping well away from strcat, sprintf etc. Organisations the size of Adobe have ridiculous numbers of policies and procedures when it comes to coding - surely that should include the public flogging of anyone using such functions...


Foxit rocks

Really nice, lightweight reader.


Errm, No

They might have any number of ridiculous beancounting regulations, but coding is normally handled very, very informally. What counts in the end is to deliver features on time. New Features => SALES !

That's how it was in the 80s when people like Warnock and Gates grew their businesses. They still have not changed their mindsets. I doubt they will before they die.

Gates was talking some crap about "Security Development Lifecycle" and it turned out that beneath the shiny GUI we had fermenting flesh from Windows 3.11 in "Windows 7".

Adobe would only notice if their financial figures changed. As they don't make money with Acroread, why should they ?
