Adobe update tackles PDF peril

Adobe released an unscheduled update to Reader and Acrobat on Tuesday that addresses a variety of security bugs in its PDF software, including an unpatched flaw that has become the subject of hacking attacks over recent weeks. Updates of Adobe Reader and Acrobat 9.4 for Windows, Macintosh and Unix address a critical flaw in …

COMMENTS

This topic is closed for new posts.
  1. Tom 7

    del /s *.pdf

    Pointless Document Format.

    1. Rob Carriere

      If only it were that easy

      There actually are points to PDF, quite a few of them in fact. But even if that weren't so, many of us do not live on uninhabited islands where we can make these decisions independently of suppliers and customers.

      Alternate readers are a more realistic defense. It would be especially nice if there were a reader that refused to handle anything but PDF/A (and, of course, the corresponding default in the major generating apps).

    2. Grease Monkey Silver badge

      No can do...

      del /s *.pdf ?

      People insist on sending things to me in PDF and it's not good business sense to tell your customers to use a different file format.

      Better to use a different reader.

    3. sinisterpictures

      Pointless?

      Not if you work in print.

  2. BristolBachelor Gold badge

    Adobe update tackles PDF peril

    I doubt it.

    Like busses, there will be another along any minute.

    1. Michael Thibault

      "Busses", BristolBachelor?

      I think that buses are much more frequently seen (by bachelors) than busses. I could be wrong, though.

  3. Steen Hive
    FAIL

    Flaw?

    The fact that PDF software plays flash files IS the critical flaw.

    I think PDF is a fine technology in itself - whichever PHB in Adobe decided it should become a multimedia format should be taken out and shot.

  4. Tim Brown 1
    FAIL

    Flash... oh dear

    Allowing Flash files inside PDFs was just fail in the first place.

  5. s. pam Silver badge
    FAIL

    I'm sick and fucking tired of Adobe Patches

    Did I wake up recently and discover that I'm Adobe's Patch Beeatch? Sure seems that way for all the crap for all their stuff that makes me their Beeatch patching our home systems.

    Really sick of it, they're worse than MSFT who at least (usually) have the patches rolled into 1 monster patch.

  6. Anonymous Coward
    Go

    PDF... PDF viewers

    The problem is not the PDF format itself. It's the dodgy programming of Acrobat Reader and Adobe's inability to fix it.

    PDF is an important format everybody needs to exchange printable documents. There exist secure readers like Evince and Google Chrome developer version. Just make sure you don't use Adobe Products and you are generally quite safe.

    http://live.gnome.org/Evince/Downloads

    http://en.wikipedia.org/wiki/List_of_PDF_software

    1. Hungry Sean
      Flame

      good work captain freetard

      I am so tired of linux distributions coming without full-fat acroread and trying to shove various half-assed pdf readers down my throat. They invariably have a user interface that manages to be worse than acroread while being unable to render or print a variety of files. I haven't seen any evidence that they are any safer either-- as some actually informed commenters above pointed out, the PDF spec itself allows for embedding things like flash and javascript which greatly increases the difficulty of creating a secure reader.

      I'll grant that acroread is a bloated steaming piece of crap with more security holes than you can shake a stick at, but I've yet to see anything better. There are many good FOSS projects, but slapping a gnu, bsd, or apache license on bad code in no way makes it better.

      1. Anonymous Coward
        Grenade

        @Hungry Adobe Salesman

        Show me a single OS pdf reader which does JavaScript, ActionScript, Flash or Other Monkey-Dancing the way Adobe does.

        I call your post FUD.

    2. Tom 35

      The format is at least half the problem.

      "PDF is an important format everybody needs to exchange printable documents"

      Yes, the key word being printable. How are you going to print Flash? Video? Audio? Why is that crap in the format other than to give them something new to put on the box of the latest $299 upgrade?

      The latest hole is due to Flash. Something I do not even want in a printable document!

  7. Tom 35

    extravagantly open nature of the PDF specification

    Open? I think the word you were looking for is bloated.

  8. Anonymous Coward

    acroflash

    Wow ain't this weird

    "Earlier version 8 installations of Reader and Acrobat are not vulnerable to the bug and therefore don't need patching."

    Sure enough, no update

    still I think I'll keep it in EMET (http://www.microsoft.com/downloads/en/details.aspx?FamilyID=c6f0a6ee-05ac-4eb6-acd0-362559fd2f04)

    Thought for the day: Too bad EMET doesn't do DLLs, we have to rename them.

  9. Anonymous Coward
    Go

    FACTS about PDF

    Before you rant against PDF (as opposed to Adobe PDF software), you should better look at the standard:

    http://en.wikipedia.org/wiki/PDF

    and also

    http://en.wikipedia.org/wiki/PDF/A

    You will find that PDF is much better than Postscript and that most of it makes perfect sense. Sane developers don't implement the "dancing monkey" feature of embedding multimedia crap into a Reader.

    PDF readers can indeed be implemented securely. One approach would be not to use C/C++, but PASCAL or ADA for PDF Readers. This would easily kill 90% of the exploit potential.

    So as a real-world advice - simply don't use Adobe products and most problems disappear in a puff of smoke. Evince, xpdf, google Chrome dev version are very secure. If you are paranoid, use SE Linux or AppArmor to secure Evince even more.
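
Several comments above ask for a reader that refuses anything beyond static, PDF/A-style content. As an added example (not from the article or any commenter), here is a minimal Python intake gate that rejects files whose raw bytes name JavaScript, Flash (RichMedia) or legacy media objects, including names disguised with `#xx` escapes; the function names are hypothetical and the sample byte strings are constructed.

```python
import re

# Added example: PDF name keys that mark script or multimedia content.
ACTIVE_NAMES = {
    "JS": "JavaScript source",
    "JavaScript": "JavaScript action",
    "RichMedia": "Flash / rich media annotation",
    "Movie": "movie annotation",
    "Sound": "sound annotation",
}
# A PDF name is '/' followed by non-delimiter, non-whitespace bytes.
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so 'J#61vaScript' compares equal to 'JavaScript'."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")

def active_content(pdf_bytes: bytes) -> dict:
    """Count active-content names in the uncompressed part of the file.
    Names inside compressed object streams are not visible to this scan."""
    hits = {}
    for m in NAME_RE.finditer(pdf_bytes):
        name = decode_name(m.group(1))
        if name in ACTIVE_NAMES:
            hits[name] = hits.get(name, 0) + 1
    return hits

def accept(pdf_bytes: bytes) -> bool:
    """Fail closed: not a PDF header, or any active-content name, means reject."""
    return pdf_bytes.startswith(b"%PDF-") and not active_content(pdf_bytes)

# Constructed sample fragments (not real documents).
CLEAN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF\n"
SCRIPTED = (b"%PDF-1.7\n1 0 obj\n<< /OpenAction << /S /J#61vaScript "
            b"/JS (constructed sample) >> >>\nendobj\n%%EOF\n")
FLASH = b"%PDF-1.7\n5 0 obj\n<< /Type /Annot /Subtype /RichMedia >>\nendobj\n%%EOF\n"

if __name__ == "__main__":
    for label, data in (("clean", CLEAN), ("scripted", SCRIPTED), ("flash", FLASH)):
        print(label, "accept" if accept(data) else "reject", active_content(data))
```

A byte-level scan like this can also flag a harmless file whose text happens to contain one of these names, which is the acceptable direction of error for a gate in front of a full-featured reader.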
