Adobe Reader browse-and-get-pwned 0day under attack

Adobe has confirmed reports that yet another unpatched vulnerability in the latest versions of its ubiquitous software is being actively exploited to infect end users with data-stealing malware. The vulnerability exists in Adobe's Reader document viewer and Flash Media Player for Windows, OS X and Unix operating systems, Adobe …

COMMENTS

This topic is closed for new posts.
Thumb Up

more bloat, more bugs..

These guys issue more updates than Microsoft these days, I can't keep up with them. No wonder Apple wishes Flash banished. No doubt when the sandbox technology makes its appearance the download will probably double in size.

6
0
Pint

Way to go, Adobe!

With one coding error you manage to make vulnerable two applications on a Windows PC simultaneously. I'm impressed or shall I say I'm moved... to an alternate PDF viewer.

0
0

Who will provide the sandbox...

Who will provide the sandbox?

I hope it's from a reputable third party, because Adobe doesn't seem to be on the cutting edge of securing software.

2
0
FAIL

Microsoft

There was some information that MS were helping them develop it.

Instead of trying another incremental solution just rewrite the damn thing from the ground up with security in mind - that's got a far greater chance of "fixing" it than just trying to plug holes.

2
0
Silver badge
FAIL

sad but true

When M$ is having to help you with security because you are making their platform look insecure, you know you have problems. Seriously though, M$, unlike Adobe, has come a long way in taking security seriously, and though still fairly bad it has actually improved somewhat. Nice how the short-term gain of moving development to India to boost executives' bonuses is now biting them hard in the butt. The "get mine right now and screw everyone else" attitude is why western civ is starting to decline.

2
0
Silver badge

Or they could just re-write without using Active X.

Oh wait, that COULD be taken to mean "security in mind" ...

0
0

Bad Couple of Years for the Adobe Security Team?

Working in a security team is usually a depressing experience - under-resourced and fixing crap mistakes made by people who should have known better; not being allowed in to the design and review cycle early; etc.

And now you report it as if they are the ones to blame.... look higher up the tree and earlier in the process!

7
0
Silver badge
FAIL

Not just security

Have you ever tried to get time and budget to refactor old code? Or offer management two solutions:

Quick 'n' dirty.

Slow but well implemented.

Guess which they go for every time? Try and point out that the slower solution will be more future-proof and what's their response? "Doesn't matter - we can just factor the issues into development time for the next project".

The only projects I've worked on where the team was allowed to make quality and future-proofing a priority are those where the engineers ran the team. That's happened twice in the last 25 years.

1
0

PDF Xchange Viewer

...from Tracker is another alternative.

Susceptible to this? Can't say, but I've used it for a long time now after Adobe bloated their reader out of contention and never had a problem.

1
0

Adobe reader

is terrible these days, it's a huge install and full of problems.

I'd avoid it totally and use an alternative like Foxit.

2
0

Should take a page from Microsoft.

Microsoft gives away a product called document viewer that does not have VBA capability and is a fairly safe way of looking at a possibly compromised DOC file.

Perhaps Adobe should do the same and make a product for looking at PDFs; I don't know what they would call it though, any suggestions?

3
0
Anonymous Coward

I've got a name suggestion

"PD File".

0
0

Ttir,amcla/od

I honestly wasn't aware that anyone even used it anymore...

I've been using Foxit Reader for ages, amongst others. It's not even much smaller than Adobe but it does the job fine.

0
0
Go

Yet another...

...reason to use HTML5.

2
0
Silver badge
Pint

(untitled)

It wouldn't be so bad if Adobe would make these things updateable using WSUS or something, but their whole world vision seems to be that every user is the admin on their PC and they can do these things by themselves, making us poor sysadmins either push them out using pstools or run around from workstation to workstation every week. This increases the consumption of beer. Maybe Adobe is in cahoots with the major breweries?

7
0
Bronze badge
Jobs Horns

must contain letters and/or digits

Foxit is great. Starting to get a bit bloated these days but still loads very very quickly.

Another good one is Sumatra PDF but that's a bit more basic.

Cannot wait until Adobe ceases to exist!

0
0
Unhappy

liability

shouldn't adobe be held responsible for systems getting compromised?

1
0
Anonymous Coward

Yes they should, as should Microsoft

and Oracle (now that they own Java)

0
0

isn't it annoying ....

.... how often Steve Jobs is right? Keeping this bug-ridden pile of insecure turds off the iPad is looking like a highly prescient decision.

5
3
Silver badge
Grenade

Having

been recently pwned by the ramnit virus, if only m$ had designed the damned operating system so that users couldn't alter core system files without using a password.

Oh and the code that ate my system was a VBscript consisting of

Check for SVChost (windows only thing i guess)

Load data into memory

exec svchost linked to the data

How ****ing stupid is that ?

Any software designers that allow that sort of thing to happen ought to be taken out and shot.

I won't mention what should be done with the virus creators, but it does involve the hand grenade

0
0

@Having (FYI)

svchost.exe is a generic application used as a host for DLLs (Windows shared libraries). DLLs can't be run directly from Windows; they have to be loaded and executed from some other executable. svchost.exe is an executable designed for that purpose.

At any time there will be a pretty long list of instances of svchost.exe, each of which is running one or more services from their respective DLLs. This virus was set up to run this way. It looks like from your description the data loaded into memory was the image of a DLL and svchost.exe was then induced to run it as such.

0
0
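An added example, not part of the thread or written by any commenter: a short Python script that lists which services each svchost.exe instance hosts, using `tasklist /svc /fo csv`, and picks out instances hosting none, which is a common triage heuristic rather than proof of compromise. The sample rows are constructed, and the `N/A` marker assumes an English-language Windows.

```python
import csv
import io
import subprocess
import sys

# Constructed sample in the layout of `tasklist /svc /fo csv` (not from a real host).
SAMPLE = '''"Image Name","PID","Services"
"System Idle Process","0","N/A"
"services.exe","612","N/A"
"svchost.exe","904","DcomLaunch,PlugPlay,Power"
"svchost.exe","1012","RpcEptMapper,RpcSs"
"svchost.exe","3340","N/A"
"explorer.exe","2200","N/A"
'''

def svchost_instances(tasklist_csv):
    """Return {pid: [service names]} for every svchost.exe row."""
    hosts = {}
    reader = csv.reader(io.StringIO(tasklist_csv))
    next(reader, None)                      # skip the header row (its text is localised)
    for row in reader:
        if len(row) < 3 or row[0].lower() != "svchost.exe":
            continue
        services = [s.strip() for s in row[2].split(",") if s.strip()]
        if services == ["N/A"]:             # assumption: English-locale marker for "none"
            services = []
        hosts[int(row[1])] = services
    return hosts

def serviceless(hosts):
    """PIDs of svchost.exe instances that host no service at all."""
    return sorted(pid for pid, services in hosts.items() if not services)

if __name__ == "__main__":
    text = SAMPLE
    if sys.platform == "win32":             # on Windows, inspect the live process list
        text = subprocess.run(["tasklist", "/svc", "/fo", "csv"],
                              capture_output=True, text=True, check=True).stdout
    hosts = svchost_instances(text)
    for pid, services in sorted(hosts.items()):
        print(pid, ", ".join(services) or "(no services)")
    print("svchost.exe with no hosted services:", serviceless(hosts))
```
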
Silver badge
Boffin

Could've been better though

I understand the need for svchost but the reporting leaves a lot to be desired. TaskManager should be able to do better than just say 'svchost'. It ought to be able to list the DLLs it's hosting as a minimum. Ideally there should be a utility (maybe svchost itself) that can display the DLLs along with a meaningful description.

1
0
Gold badge
Happy

@ AndrueC

You mean like the Task Manager on Se7en does if you ask it nicely what that particular "svchost" is doing?

XP types can swap the XP Task Manager for the Sysinternals (now MS TechNet) Process Explorer to get the same functionality, showing the tasks hosted and allowing you to drill down and view the individual threads that it's fired off.

The one being developed on the freshly-Borged other.

0
0
Silver badge
Thumb Up

Interesting

I didn't know about Se7en (thanks for that) but I did know about SysInternals. Unfortunately I gave up on that because it takes sooooo long to open up. Half the time it took so long that the application I wanted to kill off had already died.

0
0
WTF?

Total total rubbish

According to popular myth even a bunch (sorry, troop) of monkeys with typewriters can get it right now and again! I don't even know if I can be bothered installing another Adobe update - what is it going to do next? Jeez, my PC needs more attention than my freaking kids nowadays! Pity I can't use 2 WTF Icons at the same time?

0
0
Linux

Pardon my smug grin

I use Linux and KPDF, so this doesn't affect me.

4
1
Silver badge
Stop

Don't count your chickens

If/when Linux ever becomes a massively popular OS (i.e. gains market share at least vaguely close to Windows) then bugs in Flash will matter more. It's a shame Linux hasn't achieved that kind of adoption really. It'd be very interesting to see how it would withstand the onslaught from hordes of Bad People(TM) once they thought enough people were using it to make it a worthwhile target.

0
0
Silver badge
FAIL

Upgrade treadmill

PDF was a Portable Document Format. But Adobe want more money, so they want to sell upgrades, so they need new features that the marketing department can stick on the box.

They ran out of useful new features years ago and now keep sticking more crap that has nothing to do with documents into Acrobat. Who asked for Flash, video, sound in PDF files?

1
0
Boffin

Adobe trivia

If I remember correctly PDF originally stood for Page Description File. Those were simpler times.

0
0
Stop

...ubiquitous - so a nice target

sorry but Adobe flash and Adobe reader are pretty ubiquitous in the online world - to view flash video and read PDFs - as such, a vast majority of systems on the web have such tools installed to make the web useful - and thus are prime targets for hackers.

okay...so you remove them - and their replacements are targeted instead - and that will be FoxIt too if it was worth it. and if not flash, then it'll be the browser itself - mark my words, the video components of new browsers will be seriously tested with HTML 5 and MP4 codecs being probed and attacked. the old MacOSX security myth is also slowly being eroded. Safari and Quicktime having quite a few updates in the past year already

1
1
Silver badge
FAIL

@...ubiquitous

Your theory is only partly right - of course virus writers go for the biggest return (i.e. maximum number of users and/or biggest value targets to hack open).

But it also fails to weigh up the relative underlying quality of code in different cases. If product A had hundreds of exploitable bugs, but product F only a few, even if they were of equal popularity you can work out which is going to be getting pw0ned more often.

Adobe's problem is they have so much dumb stuff in Acrobat (as already pointed out, who actually wants scripting and application running in a document reader?) and it appears to be written by incompetent monkeys, a combination guaranteed to FAIL.

2
0
Jobs Horns

Quite compelling

This supports my theory that most of the computer viruses in existence were created by Mac users.

OK...maybe not. Makes you wonder, though...

0
1
FAIL

How many more times...

...does this have to happen? Dump Flash, dump Adobe, and dump Windows at the same time, for good measure. Security problem solved.

1
0
Bronze badge

Time limited protection

RE: "How many more times... ...does this have to happen? Dump Flash, dump Adobe, and dump Windows at the same time, for good measure. Security problem solved."

For 6 months, until the guys writing the exploits stop aiming at Windows and instead start aiming at supposedly secure operating systems. Firefox on non-windows operating systems was shown to be vulnerable to the same 0-day that some script kiddie went after a few days ago.

The only difference was his malware was windows only. When malware starts becoming cross platform and includes Linux, then you're going to start needing to install proper AV on Linux :(

0
0
Silver badge
Thumb Down

Hit the delete button

And their installer will no doubt still drop a useless program icon on my desktop.

0
0
Silver badge

Dump PDF

it really doesn't do anything it says on the tin.

0
0
Anonymous Coward

"Dump PDF"

Why? Is it PDF that's broken, or is it Adobe's recent readers?

I still use Acrobat 5. It does what it says on the tin. It loads quickly and then it reads documents, and that's about all it does. Until it stops working (and it still works with pretty much every PDF I ever needed to read) then I stick with it. There's a lot of PDF out there and it's not going away anytime soon, even if Adobe Reader is.

0
0

use Sumatra

I use Sumatra for reading .pdf's. Fast free and open source.

1
0
Silver badge
Go

I use evince

Builds for windows here:

http://live.gnome.org/Evince/Downloads.

Adobe stopped adding useful things at around version 3 or 4 of reader. Since then, they have simply been 'embracing and extending' their own open format, in order to ensure that only Adobe Reader is able to process them (think gov.uk 'secure pdf' forms).

They are like Microsoft 10 years ago, except seemingly without any competent code monkeys.

1
0

Spam promo of 3rd party pdf alternative

I got several like this yesterday (2 versions with different download addresses but both resolving to the same URL). Sender name given as Adobe Support or Adobe News

"Adobe is pleased to announce new version upgrades for Adobe Acrobat 2010.

To upgrade and enhance your work productivity today, go to: http://www.adobe-acrobat-new-download.com"

(the other address: http://www.official-adobe-software.com)

Adobe don't publish any email addresses on their website so can't advise them of the spam.

While I'm not "a friend of Adobe" (with particular reference to their policy of translating already high USD price to GBP price by changing the currency symbol) nor do I have any time for a spam-promoted alternative. And who knows what malware it may include... At least the official product only contains bugs and vulnerabilities! And at least we get to hear about them and Adobe will probably release patches.

0
1
Grenade

Abandon ship!

Abandon ship! the Adobe boat is sinking and has too many holes to be fixed. Time to build a new boat of better stuff with NO HOLES.

0
0
FAIL

Grr, I've had enough

I've uninstalled Flash entirely (and disabled Chrome's built-in Flash too). Roll on Firefox 4 and WebM HTML5 codec support.

1
0