Adobe update tackles PDF peril

Adobe released an unscheduled update to Reader and Acrobat on Tuesday that addresses a variety of security bugs in its PDF software, including an unpatched flaw that has become the subject of hacking attacks over recent weeks. Updates of Adobe Reader and Acrobat 9.4 for Windows, Macintosh and Unix address a critical flaw in the …

COMMENTS

This topic is closed for new posts.
Silver badge

del /s *.pdf

Pointless Document Format.

1
1

If only it were that easy

There actually are points to PDF, quite a few of them in fact. But even if that weren't so, many of us do not live on uninhabited islands where we can make these decisions independently of suppliers and customers.

Alternate readers are a more realistic defense. It would be especially nice if there were a reader that refused to handle anything but PDF/A (and, of course, the corresponding default in the major generating apps).

0
0
Bronze badge

No can do...

del /s *.pdf ?

People insist on sending things to me in PDF and it's not good business sense to tell your customers to use a different file format.

Better to use a different reader.

0
0

Pointless?

Not if you work in print.

0
0
Gold badge

Adobe update tackles PDF peril

I doubt it.

Like busses, there will be another along any minute.

3
0
Bronze badge

"Busses", BristolBachelor?

I think that buses are much more frequently seen (by bachelors) than busses. I could be wrong, though.

0
0
FAIL

I'm sick and fucking tired of Adobe Patches

Did I wake up recently and discover that I'm Adobe's Patch Beeatch? Sure seems that way for all the crap for all their stuff that makes me their Beeatch patching our home systems.

Really sick of it, they're worse than MSFT who can at least (usually) have the patches rolled into 1 monster patch.

0
0
FAIL

Flash... oh dear

Allowing Flash files inside PDFs was just fail in the first place.

3
0
FAIL

Flaw?

The fact that PDF software plays Flash files IS the critical flaw.

I think PDF is a fine technology in itself - whichever PHB in Adobe decided it should become a multimedia format should be taken out and shot.

0
0
Go

PDF... PDF viewers

The problem is not the PDF format itself. It's the dodgy programming of Acrobat Reader and Adobe's inability to fix it.

PDF is an important format everybody needs to exchange printable documents. There exist secure readers like Evince and Google Chrome developer version. Just make sure you don't use Adobe Products and you are generally quite safe.

http://live.gnome.org/Evince/Downloads

http://en.wikipedia.org/wiki/List_of_PDF_software

1
0
Flame

good work captain freetard

I am so tired of Linux distributions coming without full-fat acroread and trying to shove various half-assed PDF readers down my throat. They invariably have a user interface that manages to be worse than acroread while being unable to render or print a variety of files. I haven't seen any evidence that they are any safer either-- as some actually informed commenters above pointed out, the PDF spec itself allows for embedding things like Flash and JavaScript which greatly increases the difficulty of creating a secure reader.

I'll grant that acroread is a bloated steaming piece of crap with more security holes than you can shake a stick at, but I've yet to see anything better. There are many good FOSS projects, but slapping a gnu, bsd, or apache license on bad code in no way makes it better.

0
0
Silver badge

The format is at least half the problem.

"PDF is an important format everybody needs to exchange printable documents"

Yes, the key word being printable. How are you going to print Flash? Video? Audio? Why is that crap in the format other than to give them something new to put on the box of the latest $299 upgrade?

The latest hole is due to Flash. Something I do not even want in a printable document!

1
0
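Added example, not part of the original thread: several comments above object to Flash and JavaScript being embeddable in PDF, and a defender can triage inbound files for those features by counting the name tokens that introduce them, decoding `#xx` name escapes first. The name list, function names and sample bytes are constructed for illustration; names hidden inside compressed streams are not seen by this scan.

```python
import re

# PDF name tokens that introduce active or embedded content (illustrative list).
ACTIVE_NAMES = {
    b"JavaScript": "JavaScript action",
    b"JS": "JavaScript source",
    b"RichMedia": "rich media (Flash) annotation",
    b"Launch": "launch action",
    b"EmbeddedFile": "embedded file",
    b"OpenAction": "action run when the document opens",
    b"AA": "additional (event-triggered) actions",
    b"ObjStm": "object stream, may hide further names from this scan",
}

# A PDF name is '/' followed by bytes up to whitespace or a delimiter.
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> bytes:
    """Undo #xx escapes so /J#61vaScript compares equal to /JavaScript."""
    return HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def active_content(data: bytes) -> dict:
    """Count active-content names in raw PDF bytes (triage only: a name
    inside a string or stream body is counted too)."""
    counts = {}
    for match in NAME_RE.finditer(data):
        name = decode_name(match.group(1))
        if name in ACTIVE_NAMES:
            key = name.decode("ascii")
            counts[key] = counts.get(key, 0) + 1
    return counts


# Constructed sample fragments, not real documents.
SAMPLE_ACTIVE = (
    b"%PDF-1.7\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n"
    b"3 0 obj << /Type /Annot /Subtype /RichMedia /Rect [0 0 10 10] >> endobj\n"
    b"4 0 obj << /S /J#61vaScript /JS (var x = 1;) >> endobj\n"
)
SAMPLE_STATIC = b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"

if __name__ == "__main__":
    for label, blob in (("active", SAMPLE_ACTIVE), ("static", SAMPLE_STATIC)):
        print(label, active_content(blob))
```

An empty result only means no such name is visible in the clear; a non-zero `ObjStm` count means the file should be decompressed before it is trusted as static.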
Grenade

@Hungry Adobe Salesman

Show me a single OS pdf reader which does JavaScript, ActionScript, Flash or Other Monkey-Dancing the way Adobe does.

I call your post FUD.

0
0
Silver badge

extravagantly open nature of the PDF specification

Open? I think the word you were looking for is bloated.

0
0
Anonymous Coward

acroflash

Wow ain't this weird

"Earlier version 8 installations of Reader and Acrobat are not vulnerable to the bug and therefore don't need patching."

Sure enough, no update

still I think I'll keep it in EMET (http://www.microsoft.com/downloads/en/details.aspx?FamilyID=c6f0a6ee-05ac-4eb6-acd0-362559fd2f04)

Thought for the day: Too bad EMET doesn't do DLLs, we have to rename them.

0
0
Go

FACTS about PDF

Before you rant against PDF (as opposed to Adobe PDF software), you had better look at the standard:

http://en.wikipedia.org/wiki/PDF

and also

http://en.wikipedia.org/wiki/PDF/A

You will find that PDF is much better than Postscript and that most of it makes perfect sense. Sane developers don't implement the "dancing monkey" feature of embedding multimedia crap into a Reader.

PDF readers can indeed be implemented securely. One approach would be not to use C/C++, but PASCAL or ADA for PDF Readers. This would easily kill 90% of the exploit potential.

So as real-world advice - simply don't use Adobe products and most problems disappear in a puff of smoke. Evince, xpdf, Google Chrome dev version are very secure. If you are paranoid, use SE Linux or AppArmor to secure Evince even more.

0
0