Adobe released an unscheduled update to Reader and Acrobat on Tuesday that addresses a variety of security bugs in its PDF software, including an unpatched flaw that has become the subject of hacking attacks over recent weeks. Updates of Adobe Reader and Acrobat 9.4 for Windows, Macintosh and Unix address a critical flaw in the …
del /s *.pdf
Pointless Document Format.
If only it were that easy
There actually are points to PDF, quite a few of them in fact. But even it that weren't so, many of us do not live on uninhabited islands where we can make these decisions independently of suppliers and customers.
Alternate readers are a more realistic defense. It would be especially nice if there were a reader that refused to handle anything but PDF/A (and, of course, the corresponding default in the major generating apps).
No can do...
del /s *.pdf ?
People insist on sending things to me in PDF and it's not good business sense to tell your customers to use a different file format.
Better to use a different reader.
Not if you work in print.
Adobe update tackles PDF peril
I doubt it.
Like busses, there will be another along any minute.
I think that buses are much more frequently seen (by bachelors) than busses. I could be wrong, though.
I'm sick and fucking tired of Adobe Patches
Did I wake up recently and discovered that I'm Adobe's Patch Beeatch? Sure seems that way for all the crap for all their stuff that makes me their Beeatch patching our home systems.
Really sick of it, they're worse than MSFT who can at least (usually) to have the patches rolled into 1 monster patch.
Flash... oh dear
Allowing Flash files inside PDFs was just fail in the first place.
The fact that PDF software plays flash files IS the critical flaw.
I think PDF is a fine technology in itself - whichever PHB in Adobe decided it should become a multimedia format should be taken out and shot.
PDF... PDF viewers
The problem is not the PDF format itself. It's the dodgy programming of Acrobat Reader and Adobe's inability to fix it.
PDF is an important format everybody needs to exchange printable documents. There exist secure readers like Evince and Google Chrome developer version. Just make sure you don't use Adobe Products and you are generally quite safe.
good work captain freetard
I'll grant that acroread is a bloated steaming piece of crap with more security holes than you can shake a stick at, but I've yet to see anything better. There are many good FOSS projects, but slapping a gnu, bsd, or apache license on bad code in no way makes it better.
The format is at least half the problem.
"PDF is an important format everybody needs to exchange printable documents"
Yes, the key word being printable. How are you going to print Flash? Video? Audio? Why is that crap in the format other then to give them something new to put on the box of the latest $299 upgrade?
The latest hole is due to Flash. Something I do not even want in a printable document!
@Hungry Adobe Salesman
I call your post FUD.
extravagantly open nature of the PDF specification
Open? I think the word you were looking for is bloated.
Wow ain't this weird
"Earlier version 8 installations of Reader and Acrobat are not vulnerable to the bug and therefore don't need patching. "
Sure enough, no update
still I think I'll keep it in <a href="http://www.microsoft.com/downloads/en/details.aspx?FamilyID=c6f0a6ee-05ac-4eb6-acd0-362559fd2f04">EMET </a>
Thought for the day: Too bad EMET doesn't do dll's , we have to rename them.
FACTS about PDF
Before you rant against PDF (as opposed to Adobe PDF software), you should better look at the standard:
You will find that PDF is much better than Postscript and that most of it makes perfect sense. Sane developers don't implement the "dancing monkey" feature of embedding multimedia crap into a Reader.
PDF readers can indeed be implemented securely. One approach would be not to use C/C++, but PASCAL or ADA for PDF Readers. This would easily kill 90% of the exploit potential.
So as a real-world advice - simply don't use Adobe products and most problems disappear in a puff of smoke. Evince, xpdf, google Chrome dev version are very secure. If you are paranoid, use SE Linux or AppArmor to secure Evince even more.