back to article Adobe Reader 0-day exploit surfaces on underground bazaars

Miscreants have reportedly discovered a zero-day vulnerability in latest version of Adobe Reader. Exploits based on the vulnerability, which circumvents sandbox protection technology incorporated into Adobe X and Adobe XI, are on sale in underground forums. Pricing starts at a hefty $30,000 but the exploit has already made its …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

Those other PDF readers are WAY more insecure.

Get a grip....

0
0
Bronze badge
FAIL

Seriously though...

How long have PDFs been around? And how are they STILL coming up with fucking holes in the readers??

Definitely time, no way PAST time, to bin this clearly unfit document format!

2
3
Bronze badge
Thumb Down

Re: Seriously though...

The original document format was probably ok: supported TrueType & PostScript embedded fonts, vector graphics, bitmaps, not much else. But over time Adobe has taken it towards being some all-purpose document handling and presentation system, so now it has some custom sub-pixel rendering (eBook support - source of at least one zero-day buffer overrun), Javascript, and worst of all Flash, itself a ripe field for exploits.

Third party readers that limit their ambitions to showing text & graphics have a rather smaller attack surface.

4
0
Silver badge

PostScript Rendering should be a solved problem.

But no. Adobe have to continually update their product with interactive "features" :(

3
0
Silver badge

Re: PostScript Rendering should be a solved problem.

How else can they keep people on the upgrade treadmill?

0
0
Gold badge
Facepalm

Post recyling time.

I'll say it again.

1
0
Silver badge

Re: Post recyling time.

In that case. You can have a recycled upvote.

0
0
Happy

Acrobat Reader Lite

Hello Adobe, could we have a "lite" version of the reader that doesn't have all the bloat that seems to be the security issue? If it hadn't grown like Topsy over the years possibly these problems would be fewer and far between.

0
0
Meh

Re: Acrobat Reader Lite

Excellent idea! Adobe can have Reader Light and Adobe Acrobat Reader BLOATED. Which would you prefer?

0
0

This post has been deleted by its author

Megaphone

Two Useful Steps

Edit->Preferences->JavaScript uncheck 'Enable Acrobat JavaScript'

Edit->Preferences->Trust Manager uncheck 'Allow opening of non-PDF file attachments with external applications'

0
0
This topic is closed for new posts.

Forums