Feeds

back to article Adobe readies critical Reader update

Adobe has promised to release a patch for a critical hole in its Adobe Reader and Acrobat PDF software next Tuesday (5 October). The updates will address a zero-day cross-platform vulnerability first discovered three weeks ago that creates a possible mechanism for hackers to take over vulnerable PCs. The software developer plans …

COMMENTS

This topic is closed for new posts.
Bronze badge
FAIL

Error

I think you mean that Adobe are releasing updates FOR 9.3.4, not that they are releasing 9.3.4 (which has been out for a month already).

1
0
Flame

More problems than security

For all the security problems , if they don't do something about the speed/size of this dog I won't be touching it with a barge pole.

Foxit rules !!! ( OK that may be overstating it , but in comparion to Adobe Reader - without a doubt )

1
0
Stop

Why does PDF have so many features

For too long Adobe tried to have PDF one-up on the web. So it has embedded javascript, embedded flash, embedded video, 3D drawings, all in some binary mess. It's a losing battle. Have adobe release a lightweight PDF viewer -like foxit, apple preview, gnome evince, or let's all move away from it. It's too much hassle keeping it updated and the way acroread sneaks its way into the windows search indexer and the icon preview, you don't even need to open a malware PDF by hand to be owned, all you need to do is have windows search -running as Administrator- index the file.

There's a good paper on this out, made me go round and uninstall acroread from every machine I have.

http://blog.didierstevens.com/2010/09/26/free-malicious-pdf-analysis-e-book/

0
0
Silver badge

Re: Why does PDF have so many features

No I think it's more about upgrades. The board wants to make money by selling upgrades. To sell upgrades marketing need a list of new features to put on the box. But they already had the portable document thing down years ago so what do they do? Bolt on useless crap.

You end up with something like a toaster with 47 different programmable modes, a built in radio, and a night light.

0
0
Happy

simple solution

I worked around the problem by uninstalling Reader. Preview works OK on my Mac for the PDFs I have.

Simple.

1
0

Javascript in PDF

That really is the best ever example of 90's "we did it because we could" development.

You would have to be a masochist to try and use it.

1
0

JS

The JavaScript is quite useful sometimes - you don't need it for HTML forms either, but anyone that's designed a web form will tell you it's useful to have.

PDF has a lot of problems: PDF 1.0 dates from 1984 or so and there have been some really, really bad decisions made along the way. However I'm not convinced JavaScript itself is the problem - the problems are because it hasn't been sandboxed.

We develop a PDF API in Java and the first thing we did is wrap the JavaScript engine with the same security restrictions you get for applets - harder for Adobe to do (Acrobat's written in C), but I suspect not impossible.

0
0
Silver badge
WTF?

Did I just dream it...

... or did you just imply that C is inherently less secure than java?

0
0
Silver badge
Linux

If Javascript is so useful in PDFs

How comes I never came across a PDF containing Javascript that wasn't a virus?

I never needed to create a PDF with 3D, flash or any other binary attachments... Nor I ever knew anyone else. I fact I have been asked many times why is that kind of functionality needed on PDF's.

So I'm left wondering if Adobe's owners do indeed have a lot of shares on AV companies.

1
0
Silver badge

Safe Document Format?

.ps.gz never failed me...

0
0

just release a version of adobe that can only render postscript

and can not do anything else.

problem solved. the people that need advanced pdf capability can install the full version.

0
0
Silver badge

Re: a version of adobe that can only render postscript

You dirty, dirty *NIX user. Last time I checked, Acrobat Reader could not render ps at all, let alone *only* ps. You'd be surprised at how many people (even top-educated people) stick with chunky, unresizable graphics and chunky *text* documents just because the mainstream software providers today think that vector graphics and human-readable formats are not fashionable.

It actually enrages me because I have to put up with multi-MB "office" documents with fancy coloured comments and corrections where a KB-sized text with inline comments would be so much more efficient. Especially when mailing stuff back and forth on a thrice-dayly basis. And especially when the actual layout has to be reworked thrice-dayly too, because not everyone has the same fonts or the same version of the software.

Other pet-peeve of mine: since PDF has a "digital signature" feature, everyone and their dogs think its cool to digitally sign their PDFs. All well and good, except that it doesnt prevent anyone worth their salt from tinkering with your docs AND the Acrobat Pro wont let you merge signed documents so you actually HAVE to bypass that "security" feature if you want to do any kind of collaborative work. Which kinda defeats the initial purpose, doesn't it? (not that such "hacking" is even remotely challenging to begin with, but still). BTW, people: pretty much all the PDF-manipulation tools not from Adobe dont give a shit about digital signatures and will let a third party include derogatory comments on your boss' wife in all your signed PDFs so why do you even bother?

0
0
Stop

You might not need 3D in PDF

But it's a hell of a lot easier to show the nature of a 3D object in PDF than on a printed page, not to mention imbedding audio and any number of things which make an otherwise static document interactive. Bird watching books which can include the bird calls is just one example I can think of. The possibilities, particularly keeping the proliferation of iPads and other portable readers in mind, are endless.

So want to have another think about that ill-considered post John Sanders?

0
1
Silver badge

No

There are other formats that do these things perfectly well and arguably more securely. pdf was never meant to be an interactive format, Adobe just keeps bolting badly thought-out features on it in their effort to one-up HTML. That's why it's so dodgy. Also, whoever finds that a "3D" pdf is more explanatory of the nature of a 3D object than a couple of good technical drawings needs an IQ check. As long as the support remains 2D, "3D" renderings are just for the fun and have no technical value.

As for your bird book and stuff, you sound like a 1990 teen who just discovered HTML. Sure its great (although not "endlesss" great: the delivery gadget is usually a big limitation) but with great power comes great... on second thought fuck that, we're taking about Adobe after all.

An ornithology book with actual chirping in it sounds like a TERRIBLE idea (with emphasis on terrible). Bird songs vary from territory to territory, they also vary with time (both periodically and linearly). Not to mention inter-individual variations. On top of that, manking came up with a shitload of means to overcome the limitations of "indirect" media to describe objects and sounds (think of it as regular expressions for the real life) which means that any birdsong you include in your book will be hugely less usefull than a standardized, written, boring, description of the same. Same for floras actually. Did you ever wonder why all the good works on plants an animals feature drawings and written descriptions, not actual photographs and sounds? That's because the latters can only show one particular example while the formers are able to capture the essence of the whole species.

As for interactivity, it's an interesting debate (switching back to entertainment here). Which is more interactive, written words that let you build your own representation, or a pre-made, same-for-everyone rendition? I let you decide: I have no pre-made answer to this one (see what I just did?).

0
0
This topic is closed for new posts.