Unofficial patch plugs 0-day Adobe security vuln. Security researchers have developed an unofficial patch for a zero-day Adobe Acrobat and Reader vulnerability that's become the subject of hacker attacks. Adobe acknowledged the vulnerability last week but said an official patch wouldn't be available until 11 March. This three week window of vulnerability before an update …
What, a patch for Acrobat that doesn't involve start, run, appwiz.cpl, and removing Adobe's shoddy products and replacing them with Foxit or Sumatra, KPDF or XPDF, Open office or one of the many free PDF printers? Wow.
Cue the name callers^W^W Adobe apologists, with their shouts of freetard or some other sophisticated insult!
Look, you may have wasted time and money on that software, but there's no need to take out on others.
When I get an email from my bank stating that I really need to re-enter my account number and password *now* -- here's the link, I ignore it. Now I have someone telling me that I really need to run this piece of code with full administrative privileges *now* -- and here's the link.
Sheesh! With "security experts" like these, and users willing to do whatever they are told, it's no wonder we have a malware problem.
Oh, and I dare say "these people" are terribly trustworthy, and that their code *does* plug the vulnerability they talk about. I wonder what it opens instead, intentionally or not? Do you think Adobe, who know the code better than most, might be holding back because oh-I-don't-know they want to be sure that a hurried fix doesn't make matters worse? In the meantime, if you want to be genuinely helpful to end-users and not encourage reckless behaviour, wouldn't it be better to point them in the direction of a *tested* workaround, like an alternative PDF reader?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
