back to article Adobe Reader 0-day exploit surfaces on underground bazaars

Miscreants have reportedly discovered a zero-day vulnerability in latest version of Adobe Reader. Exploits based on the vulnerability, which circumvents sandbox protection technology incorporated into Adobe X and Adobe XI, are on sale in underground forums. Pricing starts at a hefty $30,000 but the exploit has already made its …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Those other PDF readers are WAY more insecure.

    Get a grip....

  2. NogginTheNog
    FAIL

    Seriously though...

    How long have PDFs been around? And how are they STILL coming up with fucking holes in the readers??

    Definitely time, no way PAST time, to bin this clearly unfit document format!

    1. Anonymous Coward
      Thumb Down

      Re: Seriously though...

      The original document format was probably ok: supported TrueType & PostScript embedded fonts, vector graphics, bitmaps, not much else. But over time Adobe has taken it towards being some all-purpose document handling and presentation system, so now it has some custom sub-pixel rendering (eBook support - source of at least one zero-day buffer overrun), Javascript, and worst of all Flash, itself a ripe field for exploits.

      Third party readers that limit their ambitions to showing text & graphics have a rather smaller attack surface.

  3. Crisp

    PostScript Rendering should be a solved problem.

    But no. Adobe have to continually update their product with interactive "features" :(

    1. Tom 35

      Re: PostScript Rendering should be a solved problem.

      How else can they keep people on the upgrade treadmill?

  4. TeeCee Gold badge
    Facepalm

    Post recyling time.

    I'll say it again.

    1. Crisp

      Re: Post recyling time.

      In that case. You can have a recycled upvote.

  5. Refugee from Windows
    Happy

    Acrobat Reader Lite

    Hello Adobe, could we have a "lite" version of the reader that doesn't have all the bloat that seems to be the security issue? If it hadn't grown like Topsy over the years possibly these problems would be fewer and far between.

    1. Tree
      Meh

      Re: Acrobat Reader Lite

      Excellent idea! Adobe can have Reader Light and Adobe Acrobat Reader BLOATED. Which would you prefer?

  6. This post has been deleted by its author

  7. steve876
    Megaphone

    Two Useful Steps

    Edit->Preferences->JavaScript uncheck 'Enable Acrobat JavaScript'

    Edit->Preferences->Trust Manager uncheck 'Allow opening of non-PDF file attachments with external applications'

This topic is closed for new posts.

Other stories you might like