back to article You've got three days to patch Adobe Flash, Air, Reader

Adobe has patched seven vulnerabilities in its Flash and Air platforms and one in Reader and Acrobat that is being exploited by attackers. The vulnerabilities could allow attacker to "take control of affected systems" dubbed critical by the company. Administrators were urged to apply the updates within three days on Windows, …

  1. Someone Else Silver badge
    Coat

    Is this not a good time to mention Foxit?

    1. Anonymous Coward
      Mushroom

      Using Foxit myself... and while I do appreciate not having to update the software every other week it does also make me worry at times. Hah.

    2. foxyshadis

      Foxit is nice enough...

      ...but I just finally had to dump it for Adobe last night, despite the incredibly bad taste in my mouth. It just plain couldn't handle huge PDFs, leaving a black screen instead, and it was always slow as molasses at rendering complex PDFs anyway. It seems to have been largely abandoned, no performance updates for years, just little UI changes and bugfixes. But yeah, you can imagine how awesome it feels to have a critical update come out the day I switch over.

      (The fact that it's now almost as spammy about upgrading as Adobe doesn't help.)

      1. Anonymous Coward
        Anonymous Coward

        Re: Foxit is nice enough...

        A foxit update was issued recently

      2. king of foo

        Re: Foxit is nice enough...

        Firefox and chrome render most PDFs without need of plugins or local PDF readers. It amazes me how many users stick with ie.

        For anything else you can get away with Sumatra, foxit or perhaps pdfxchange. I'm using foxit at the moment but preferred Sumatra and may go back. I'm not a heavy PDF consumer and have yet to find anything the above couldn't handle.

        Have you tried chopping the problem file up using something like pdfsam?

        1. bitmap animal
          Thumb Up

          Re: Foxit is nice enough...

          +1 for Sumatra. I've been using it for a while and it seems to render everything without a hitch - except for the active documents but I'd rather they went away anyway. It is also fairly small and isn't bloated.

          I can't comment on if it's secure or not though, who knows but as it just displays the static files (as far as I know) there should be less opportunity for problems.......

          Unfortunately some companies send out active PDFs that require Adobe Reader. HMRC being one of them, it's a PITA having to set up the certificates and open up Adobe Reader to allow the forms to run.

          1. king of foo

            Re: Foxit is nice enough...

            Active PDFs?

            Ew.

            That is all...

    3. Anonymous Coward
      Anonymous Coward

      Stopped using Foxit when its installer decided to change your default homepage, search engine and add a search toolbar without warning.

      It was a few years ago but I haven't trusted them since.

      1. Elmer Phud

        I've not had that issue.

        But I do check for these things when installing and also am careful where I get updates from.

        But even if I forget to untick boxes I can easily rectify that by uninstalling any toolbars anyway.

        1. Anonymous Coward
          Anonymous Coward

          But it did it on a number of browsers (not just toolbars). You open up IE after not using it for 3 months and wonder how there was adware installed onto it.

          They changed it to ask whether to install it but even if you asked it not to it still changed your search provider.

        2. Anonymous Coward
          Anonymous Coward

          Also some versions prevented you from uninstalling the toolbar see here:

          http://www.wizcrafts.net/blogs/2010/04/the_foxit_pdf_reader_is_becoming_an_adware_sup.html

          Also see the steps they went to to make you install the toolbar (after the version where they had installed it anyway)

          http://downloadsquad.switched.com/2010/06/29/foxit-updates-free-pdf-reader-to-v4-but-watch-out-for-adware/

          1. Anonymous Coward
            Anonymous Coward

            PDFXchange

            I've been using PDF-XChange for a while now. I like the fact that it makes it explicitly clear that the free version is free for personal and commercial use, so that I don't have to be concerned about installing it for small businesses, and I have had one encounter with a "signed" form that did require the use of Adobe Reader instead, but generally the performance and functionality fo PDFXchange is more than satisfactory.

          2. SoltanGris

            That was my experience with Foxit after years of using it with no issues.

            One day a update arrived. I installed it.

            A whole nest of adbars were installed on each browser I have on this system, FIrfox(primary)

            IE hardly used and Chrome even less used.

            In each case I found it impossible to totally remove the adbar. IT returned after reboots on Firefox,

            and in the case of chrome I never did figure out how to remove it. IT always returned.

            At the time I was using Norton Security, it was of course useless . That prompted me to install

            Malware Bytes, it found the adware that it properly listed as a malware.

            Removed it and I solved the problem. Note it did require a reboot and ANOTHER run of Malware

            Bytes to totally eradicate.

            I'll never use Foxit again. I've moved on to Sumatra. I have no idea if it is secure or not but

            it works for the PDF's I read so far.

            For those that say adbars addons like that are not malware, you are most likely part of the scum bag industry doing that sort of thing. It is malware if it acts like malware.

  2. danjackson

    Update management

    Still no centralised update management from Adobe for Flash or Reader. We tried doing it via GPOs for Flash, but the net result seems to be that on some computers Flash gets uninstalled entirely. Need a more reliable way (that does not involve setting up an SCCM infrastructure).

    1. Anonymous Coward
      Mushroom

      Re: Update management

      In all honesty I have actually never ever encountered problems rolling out Flash updates via GPO as long as you update version after version (missing out on a couple of versions can cause problems). Acrobat on the other hand is one royal pain in the arse.

      If you download a 10.1.3* setup file of Acrobat for example you will actually notice that said setup file actually contains a 10.0 MSI followed by a 10.1 MSP and a 10.1.1 MSP and a 10.1.3 MSP. Or some such. Seriously. WTF? Then having to create an administrative install of this fucking unnecessary mess because Fuckobe haven't the slightest fucking clue on how to keep their base installers up-to-date. And forget about rolling out the MSP's individually. Almost never works. So every single time there's an update... extract setup, extract MSI to admin install, extract all the MSP's, run the Acrobat Customization Wizard for the 74th time to make sure nothing broke the MST... DEPLOY.

      No such problems with Foxit.

      *I probably made those version numbers up but you get the idea. It's been a while since I had to deal with this excuse of an application.

    2. BPR

      Re: Update management

      As recommended by Trevor Pott, for the last couple of years I've been using Ninite Pro to automatically update Flash, Reader and many other pieces of software on a few networks I manage. It saves me many hours of work each month and has been very reliable so far.

    3. Velv
      FAIL

      Re: Update management

      Even if you use a third party update tool, you can't actually turn off the inbuilt Adobe Updater for Flash. If you want to stop it checking for and offering updates you need to set the check time to a large number as well.

      I found this after being offered updates after turning off auto-update.

      I then found this article: https://forums.adobe.com/message/6250514

    4. Maventi

      Re: Update management

      It's sad how the Windows package management and updating systems are so terrible unless one forks up mega cash for SSCM (and wants to deal with the extra complexity). Binary executable installers need to die but they are sadly an ingrained part of the Windows culture. Even MS Office (once a poster child for this) hasn't supported GPO/MSI deployment since 2007 which means writing ugly scripts to do all the work.

      Believe it or not it is actually possible to roll out Reader and Flash via GPO but it's by no means straightfoward.

      One small business setup I work with uses Ubuntu and these sorts of problems just don't exist as everything gets patched daily via Apt. It's pure bliss by comparison.

  3. batfastad

    Lol @ Adobe Reader

    Unfortunately bundled with new computers and pumped out in group policies across the world.

    Do yourself a favour... http://blog.kowalczyk.info/software/sumatrapdf/free-pdf-reader.html

    Using Firefox? about:config... pdfjs.disabled = TRUE will be good for you as well. I got fed up of it hosing my browser when loading any PDF larger than 5MB.

  4. Jamie Jones Silver badge
    Facepalm

    Use after free?

    Really? In 2014?

    What happened to NULLing pointers after freeing? A trivial modification.

    1. Someone Else Silver badge

      @ Jamie Jones -- Re: Use after free?

      Nothing really...except that most people use delete nowadays...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like