Security researchers have released what they say is an unofficial fix for the critical Adobe Reader vulnerability that's being actively exploited to install malware on machines running Microsoft Windows. The download replaces a buggy strcat call in a font-rendering DLL module with a more secure function, according to this …

COMMENTS

House rules Send corrections

This topic is closed for new posts.

Wednesday 15th September 2010 21:27 GMT roknich

Read your acrobat docs on a linux machine

this is particularly easy on Ubuntu desktop 8.04.

linux provides several "readers" that require no thought to use or install

just use the default.

4 2
1. Wednesday 15th September 2010 21:55 GMT Anonymous Coward
  
  Evince Also Works On Windows
  
  just download it.
  
  0 0
Wednesday 15th September 2010 21:27 GMT Anomalous Cowturd

Never a truer word spoken

> It's also worth pointing out that the vast majority of Reader users could protect themselves by using an alternative PDF viewer that isn't as widely targeted.

Foxit, Evince, and many more.

All aboard the Skylark!!!

2 0
Wednesday 15th September 2010 22:47 GMT Anonymous Coward

Is Acrobat 5.1 vulnerable?

I still use it, because it can still read all the documents I need to read, but comes without all the new-fangled bloatware and all the man-years of vulnerabilities associated with the bloatware. I did try Foxit but me and it didn't get on, so it just seemed simpler to go back to Acrobat 5.1.

0 0
Thursday 16th September 2010 01:49 GMT Keith T

Adobe looks really ridiculous

I mean, Adobe Reader isn't doing anything truly complicated, it isn't an operating system, it doesn't even author .PDFs.

But even with such a relatively simple product, Adobe is having problem after problem and is extremely slow with fixes.

3 0
1. Thursday 16th September 2010 05:25 GMT Steen Hive
  
  Relatively simple?
  
  Have you *seen* the mountains of cruft that pos installs on a machine? Granted, very little of it has anything to do with reading PDFs - but it's still there, hogging resources, painting big bullseyes on your bank-account details.
  
  0 0
2. Thursday 16th September 2010 05:25 GMT asdf
  
  because Adobe follows industry worst practices
  
  Adobe was a pioneer of offloading their code development to India to the lowest bidder. Surprise surprise code monkey hacks produce spaghetti code that is full of bugs that take forever to find and patch correctly. Now their software is the worse in the industry and the only mystery is why the hell is it on so many boxes. Always one of the first steps to securing a computer is to check and recheck that no Adobe software is installed. If it is no matter what you do the box can't be locked down.
  
  3 0
Thursday 16th September 2010 09:04 GMT Anonymous Coward

Adobe Reader

Three weeks for a simple fix to critical, currently exploited patch seems like taking the piss.

But maybe Adobe have worked out that this type of problem doesn't actually affect their core business or their revenues.

After all it is not going to affect Adobe Acrobat Writer sales. The reader is just a loss leader, Adobe aren't actually going to make any money out of fixing it.

0 0
Thursday 16th September 2010 09:19 GMT Anonymous Coward

List Of Adobe Reader Fixes For Windows

Evince:

http://download.gnome.org/binaries/win32/evince/2.30/evince-2.30.3.msi

(strongly suggested)

xpdf:

ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4-win32.zip

Google Chrome dev version:

http://www.google.com/chrome/eula.html?extra=devchannel

GSView:

http://mirror.cs.wisc.edu/pub/mirrors/ghost/ghostgum/gsv49w32.exe

0 0
Thursday 16th September 2010 09:19 GMT roknich

Warehouse of Bad Code

"Adobe was a pioneer of offloading their code development to India to the lowest bidder."

Ok, then tell me what do they keep in that large building down the street from the Caltran in San Jose?

1 0
Thursday 16th September 2010 10:26 GMT Tom 7

Another victory for Pointless Document Format

its a computer not a filing cabinet - get paper shaped shit in the recycling bin where it belongs.

0 0
Thursday 16th September 2010 14:11 GMT Anonymous Coward

Sumatra PDF Reader

Open source, free, no install required, no iffy browser toolbar options, portable. It just works.

0 1
Thursday 16th September 2010 14:34 GMT Ross 7

Brick?

Rather weird claim in the article.

Testing the patch / update is a thoroughly good idea, and apparantly something they've not done before given the quality of output we get from Adobe. However, testing it to make sure it doesn't brick any Win installations?!

It takes some pretty impressive coding to brick an OS from ring-3 these days.

And who the hell uses strcat and its ilk outside of homebrew kludge-ware intended for personal use only?! When did Aleph1 explain buffer overflows in extremely simple terms? 10 years ago? Pretty sure he advocated keeping well away from strcat, sprintf etc. Organisations the size of Adobe have ridiculous numbers of policies and procedures when it comes to coding - surely that should include the public flogging of anyone using such functions...

0 0
1. Thursday 16th September 2010 23:00 GMT Anonymous Coward
  
  Foxit rocks
  
  Really nice, light weight reader.
  
  0 0
2. Thursday 16th September 2010 23:27 GMT Anonymous Coward
  
  Errm, No
  
  They might have any number of ridiculous beancounting regulations, but coding is normally handled very, very informallly. What counts in the end is to deliver features on time. New Features => SALES !
  
  That's how it was in the 80s when people like Warnock and Gates grew their businesses. They still have not changed their mindsets. I doubt they will before they die.
  
  Gates was talking some crap about "Security Development Lifecycle" and it turned out that beneath the shiny GUI we had fermenting flesh from Windows 3.11 in "Windows 7".
  
  Adobe would only notice if their financial figures changed. As they don't make money with Acroread, why should they ?
  
  0 2