Adobe Reader 0-day exploit surfaces on underground bazaars
Miscreants have reportedly discovered a zero-day vulnerability in the latest version of Adobe Reader. Exploits based on the vulnerability, which circumvents sandbox protection technology incorporated into Adobe X and Adobe XI, are on sale in underground forums. Pricing starts at a hefty $30,000 but the exploit has already made its …
Those other PDF readers are WAY more insecure.
Get a grip....
Seriously though...
How long have PDFs been around? And how are they STILL coming up with fucking holes in the readers??
Definitely time, no way PAST time, to bin this clearly unfit document format!
Re: Seriously though...
The original document format was probably ok: supported TrueType & PostScript embedded fonts, vector graphics, bitmaps, not much else. But over time Adobe has taken it towards being some all-purpose document handling and presentation system, so now it has some custom sub-pixel rendering (eBook support - source of at least one zero-day buffer overrun), JavaScript, and worst of all Flash, itself a ripe field for exploits.
Third party readers that limit their ambitions to showing text & graphics have a rather smaller attack surface.
PostScript Rendering should be a solved problem.
But no. Adobe have to continually update their product with interactive "features" :(
Re: PostScript Rendering should be a solved problem.
How else can they keep people on the upgrade treadmill?
Re: Post recycling time.
In that case, you can have a recycled upvote.
Acrobat Reader Lite
Hello Adobe, could we have a "lite" version of the reader that doesn't have all the bloat that seems to be the security issue? If it hadn't grown like Topsy over the years possibly these problems would be fewer and far between.
Re: Acrobat Reader Lite
Excellent idea! Adobe can have Reader Light and Adobe Acrobat Reader BLOATED. Which would you prefer?
Two Useful Steps
Edit->Preferences->JavaScript uncheck 'Enable Acrobat JavaScript'
Edit->Preferences->Trust Manager uncheck 'Allow opening of non-PDF file attachments with external applications'
