back to article Unpatched PDF flaw harnessed to launch targeted attacks

Adobe is investigating reports of unpatched flaws in its Reader and Acrobat software packages. Zero-day bugs in Adobe Reader and Acrobat have reportedly been exploited by hackers to attack vulnerable systems, in a series of limited (presumably) targeted attacks since 11 December. Adobe Reader and Acrobat 9.2 or below are …

COMMENTS

This topic is closed for new posts.
  1. A J Stiles
    Happy

    Won't affect me

    I am still using kpdf ....

  2. The Original Ash
    FAIL

    One more loop in the noose around JS's neck

    JS needs to be reined in. Usability aside, almost every drive-by attack against modern browsers is the result of JS executing a third-party app / viewer. I might drop NoScript and just start browsing with JS disabled permenantly.

    If only I could get 3D graphics working on Ubuntu on my rig...

    1. Anonymous Coward
      Linux

      3d gfx?

      Right now, the only manufacturer with decent 3d drivers for linux is NVidia. You should be golden with an NV card in there. If you're one of those poor unfortunates with a Radeon, you'll discover that their Linux drives are infinitely worse than their WIndows drivers, and you're best not bothering.

      1. Quirkafleeg

        Re: 3d gfx?

        Ha. I'm one of the many lucky owners of Radeon cards with good open-source support… anyway, what's this Abode Addlebat thing? Is it anything like xpdf?

  3. Anonymous Coward
    Happy

    Adobe Actrobat is sh***e

    Adobe Acrobat is and always has been an appaling bad piece of software. Name your parameter - it's awful!

    If you've not done so already, try giving Foxit pdf reader a spin - it's free, a 6th the size and ..hey ...it works!

    1. Anonymous Coward
      Anonymous Coward

      Foxit better, but not necessarily securer.

      It runs JS just like acrobat does, and there's been at least one pdfsploit that could work 'cross-platform' in both adobe and foxit.

      However it's such a nicer bit of software to use that switching is a good idea for sure.

      1. Anonymous Coward
        Anonymous Coward

        arr

        Well, it's smaller, faster and less intrusive- and doesn't install various dodgy "downloader" things on your machine (Adobe leave some with remote root holes lying about, btw- esp ActiveX ones).

        I am sure it also has issues, but used wisely and kept up to date, it might be a good idea.

        Also, WIndows users should consider Secunia PSI, which is free for personal use, and does a sterling job of nagging you into keeping your software up to date, when patches do actually arrive.

  4. Anonymous Coward
    Unhappy

    Seen it...possibly

    Think I came across it last night (and no, I wasn't surfing for pron) - put in a google search and clicked on of the links which tried to open a pdf. Reader then crashed trying to open said pdf.

    Immediately ran a virus scan, but nothing was detected.

    (This was with Firefox, not IE)

  5. jubtastic1
    Stop

    Bollocks

    "The popularity of Adobe software has made it a favoured target for hacking attacks over recent months"

    Bullshit, Adobe software is a favoured target for hackers because it's both crammed full of bugs and suffers from Adobe's retarded focus on bloating with daft insecure features.

    Reminiscent of MS in the 90's, and the reasons are the same: EEE

  6. Mage Silver badge

    Foxit

    Why are people still using slow, bloated Adobe?

    1. Anonymous Coward
      Badgers

      Sumatra - basic but secure (I hope!)

      Foxit was certainly a big improvement over Adobe Reader, but the free version has been getting less and less usable and I can't justify paying for a pdf reader...

      Sumatra pdf does the job just fine for me - I hope it's more secure as it's offers very basic functionality.

  7. Jeff Deacon
    Happy

    Acrobat 5 doesn't have JavaScript

    I knew there was a reason why I refused all the more recent updates!

  8. kwikbreaks

    Yep

    Foxit for me too. I was going to suggest it when I started reading but quickly saw that every man and his dog had beaten me to it.

  9. Robert Carnegie Silver badge

    What's difficult about patching Adobe Reader etc?

    Surely you just download the new Adobe Reader complete and install it. Doesn't that work?

    As for FoxIt: yeah, it's probably popular enough itself to attract hackers - particularly if it has JavaScript itself, or an equivalent. Do you think that the little guys' products are more bullet-proof intrinsically than the big beasts? Check the version history of, say, Opera. One security update after another.

  10. Tony Paulazzo
    Thumb Up

    @ Gobot - Sumatra pdf

    Thanks for the pointer, checking it out.

This topic is closed for new posts.

Other stories you might like