Adobe has patched 23 security vulnerabilities in its Reader document viewer, including one that criminals were exploiting to install malware on the PCs of unwitting victims. At least 18 of the other flaws also made it possible for attackers to remotely hijack users' PCs, Adobe said in an bulletin released on Tuesday. The patch …
..and it still drops an utterly useless and unwanted program icon on the desktop.
But Acrobat Pro is vulnerable unless you go through update hell
The updates for Acrobat Professional aren't cumulative. For a new install, have to install 9.0 and then go from 9.1 to 9.1.3 to 9.2 to 9.3 to 9.3.2 to 9.3.3 to 9.4 to get an up-to-date Acrobat Pro installation (I think that's the shortest path). Good luck in an enterprise environment.
They've never refreshed the original installation media, not even the downloadable demo, and you can't get refreshed media from Adobe. If you try, they tell you things like "Acrobat Pro 10 will fix it". Why yes. Until 10.1 comes out. And then 10.1.3. And then 10.2. And you recreate the problem.
Or, hey, here's an idea. Make the update installers cumulative. That would solve the problem. And far more complicated products (Microsoft Office, Windows) seem to be able to handle it just fine.
I am disappoint
"... purged of hole that was under attack"
And here I thought that there was a Paris Hilton angle to this article.
This kluge puts users at risk.
Some "anti-virus" software prevent you from downloading executables. If you want to download a binary file, you may have to "disable" your "anti-virus" software.
It is possible to get around this, but all the alternatives do have their own limitations, so which method are you suggesting?
Curious readers want to know...
Here's The Fix
1.) Uninstall Acrobat Reader
2.) Install Evince:
The Windows installer for Evince is 30MB - 4MB bigger than the 26MB installer for Adobe Reader 9.40.
What? Again? Time to ditch this upgrade monster
I've been a user of AdBloat Reader since version 2, but V9 seems to need updates almost as often as Windows. I'm off to find an opensource reader that doesn't have to be manually updated every other bloody week. It's not worth the effort for something that gets used once per month.
I'm quite impressed really
I firmly believe that most Adobe programmers must be getting paid under the table by RBN to provide this non stop wankfest of exploits from Acrobat, a program that displays computer representations of sheets of paper on your screen.
+1 for Evince.
"Building a sandbox into an application as complex as Reader has been compared by some to adding a basement to a 20-story building after it's already been erected."
I can't help thinking that it would be better all round if the world just admitted that it was on a hiding to nothing, had the building demolished and got a more reputable contractor in to build a new one. Maybe one with doors on it that lock rather than just a load of holes in the walls that anyone can walk through......
RE : Building analogies. →
I think it's the WINDOWS that are as much to blame