Critical Adobe Reader vuln under 'targeted' attack

Beggars belief

>Users on other platforms can insulate themselves from the current attack by disabling javascript from running inside the application, but Adobe warned it's possible to design an exploit that works around that measure.<

:facepalm

Adobe should find the programmer responsible for writing all these vulnerabilities into their <expletive deleted> software, move him away from the herd (so as not to startle them) and <humanely> shoot him in the head - alternatively, take off and nuke the entire site from orbit...

I have quicktime/Realtime alternative and VLC for video with Foxit reader to read PDFs, but there is no (to my awareness), Flash replacement.

@PDF's purpose

Pointless Document Format's purpose is to make money for Adobe.

It is of NO use to the user.

As for the 'reason for javascript' - even HMTL doesn't need that.

PDF- it does nothing it says on the tin.

Re: Reason for JavaScript

"I think the use is for allowing URLs to connect to the Web and for jumping to anchors in the file (ie: Click here to scroll to somewhere in the file)."

Er, HTML allowed that twenty years ago with no scripting whatsoever. AC's point is well made. None of these vulnerabilities would exist if people used PDF for its original intent (ie, exactly preserving presentation) and used an appropriate technology for everything else. I mean, it's not like it is *hard* to find applications that support DHTML.

Adobe have tried to turn PDF into a proprietary version of the web. Sadly, this dubious project has merely retrodden the ground covered by Microsoft's efforts in the mid-90s when almost everything they produced was shot full of security holes.

I personally consider "using the PDF format" to be an act of bad netizenship. Every time you publish a document in that format, there's a risk that the recipients will use Acrobat Reader.

"reinvigorate its security program for Reader"

I wonder how many tens of megs THAT will add to the size of the bloated whale called Acrobat Reader.

New install

So now a new install will only need three additional updates before it's fully patched. It's just beyond belief that Adobe gets away with this crap - install a new version of reader direct from Adobe's web site, and then you need to install all the updates on top of that just to get it "secure" (until next week). FFS, it's not a friggin OS! It's (what used to be) a simple APPLICATION to read PDFs!!!!

Adobe, fix your development process, and until you do, start posting fully patched versions, and give us a reasonable way to keep our hundreds and thousands of desktops up-to-date! Compared to Adobe, MS looks like a poster child for how to do security.

Alternatives not well known

The lass broke her works laptop (she claims it just stopped working...) and it seems her IT bods don't actually install half the software required for the job by default when they do a HDD replacement. So, she went to install Reader - cue slow mo' shot of me going "Noooooooo!". You wouldn't believe how dificult it was for me to convince her to go with Foxit instead.

The trouble is nobody has heard of the alternatives, and even if they have, trying to explain why they should use one rather than the crap pumped out by Adobe invariably results in a shrug and "So?".

People need to be taught the value of diversity - it's the same in IT as in gene pools. If we're all the same, some disease/exploit comes along and it's goodnight Vienna. I use Opera and Foxit not because they are the best in their respective fields but because nobody is going to pay a blackhat to design an exploit for them - the RoI just isn't there. I'm therefore a lot safer than the masses just by picking another (free) tool to do the exact same job as IE or Acrobat.

FoxIt 3.1 isn't such a dog these days.

FoxIt 3.1 isn't such a dog these days.

I use it - on Windows - instead of Acrobat reader

http://www.foxitsoftware.com/pdf/reader/reader-interstitial.html