Adobe auto-launch peril not fully purged, researcher says

A security researcher says he can force Adobe Systems' widely used PDF readers to execute potentially malicious commands despite an emergency security fix the company released earlier this week. The update Adobe added to its Reader and Acrobat applications contained a patch designed to prevent attackers from using the apps to …


This topic is closed for new posts.
  1. asdf

    another day another Adobe security fail

    You don't have to be a mactard (which I am not) to hate Adobe software. Bloated, buggy and worst of all the least secure software in the industry (even M$ has finally wised up some unlike 400 days in the wild Adobe). Probably the single biggest security threat on your computer right now is Flash or some other piece of Adobe flotsam (at least Chrome comes with it auto bundled and auto sandboxed now). Having no viable alternative to Flash (that is any other software that will properly render Flash 8+) is the single biggest threat to the web. Even PDFs are less of a threat with a viable alternative such as Foxit Pro.

    1. Anonymous Coward

      RE: another day another Adobe security fail

      ...and in another article on El Reg today they write:

      "Similar criticism applies to Adobe apps, a prime target for hacker attacks over recent months."

      The thing with Adobe is that they make (or buy) software that works and then never touch it except to release a new sparkly version. There's rarely any code optimization, no thinking about security, nothing.

      If it wasn't for Photoshop, they'd have no saving graces. Even Photoshop seems a bit clunky these days...

  2. Eddie Johnson

    I Don't Even Need to Say It Do I?

    Why would you still have Adobe software on your computer?

    You learned your lesson the last 500 times, right?

    1. BongoJoe

      Stuff they do well badly

      The trouble is that there really isn't anything out there which can compete with Lightroom, PhotoShop and Elements (or any combination thereof).

      I detest Flash and I really dislike their PDF maker, not to mention the bloated product and their bloated price tag. The latter I can get around but until I find a better product for my photography I am stuck with at least those products.

      Yes, these are bloated as well. No matter how good the machine is; when one is using Lightroom one has to keep an eye on the System Manager because sooner or later it's going to eat all the resources and crash.

      Their code does a good job - but extremely horribly. I wish that there was an alternative.

    2. Cameron Colley

      @Eddie Johnson

      "Why would you still have Adobe software on your computer?"

      How about because if I don't it becomes useless at one of the main tasks I use it for -- watching 4OD/iPlayer/etc. ...

      Yes, youtube can now be had in "HTML5 Beta" mode but, as someone pointed out in a thread related to this, that has some niggles (like the inability to select a place in the stream to play from) which mean it doesn't quite match up to Flash for usability yet.

      Once web developers have started using <video> tags instead of Flash and started writing games like Fantastic Contraption in JavaScript (or whatever)* I'll gladly uninstall flash. As, I'm sure, would many others.

      *OK, this is not a dealbreaker

  3. Anonymous Coward

    "powerful functionality relied on by some users"

    And what about the 99% of users who don't rely on any of that functionality, and just want a basic PDF reader? How about you put their interests first, and screw the 1%?

    1. Lou Gosselin

      PDF files

      They do serve a useful purpose as portable/printable documents (although I don't like that they're proprietary.)

      However Adobe's commercial interest means that they cannot stop changing their products, whether the changes are beneficial or not. They must change in order for Adobe to sell new versions. This is very much like the problem Microsoft has with Office, since people are content with the older versions. Microsoft has to look towards various means to make the older versions obsolete, even though the newer versions are no better in the eyes of customers.

      Anyways, I agree. In the ideal world, PDF would stick to what it does best and leave out the feature creep.

      1. Anonymous Coward

        RE: PDF files

        "They do serve a useful purpose as portable/printable documents (although I don't like that they're proprietary.)"

        Well, we could all use Postscript/Ghostscript and associated viewers...

        I don't let Adobe software near my computer unless I really have to.

      2. gollux

        Proprietary, yeah, shh, it's a secret but... does a very good job of creating Acrobat PDF documents that do exactly what Acrobat documents were supposed to do in the first place,

        Acrobat PDF file structure is an openly available standard that can be implemented into any software and Adobe created it as such from the beginning. You can create it, open it and read it without any dependence on Adobe, unless you want to access some of their newer features, but the inability to access the newer features is because your third party software needs to be updated to the newest Acrobat PDF specs, and might given the vulnerabilities they often introduce not be such a bad thing after all.

  4. Doug Glass

    Foxit Reader ...

    ... is one "reader" solution; there are others. If you like Adobe software and it works for you, use it. If you prefer a leaner reader, use something else. If you're one of the hundreds of thousands (millions???) who do the Lemming thing and simply click on the "Acrobat Reader" download button then it likely doesn't matter to you. Which is likely 99% of all desktop computer users in the first place. The only ones who really give a frakk about it one way or another are users who think of a computer as the end; most users think of it as a means ... a tool. It's just a hammer to them; nothing special, just a hammer. Break it; buy another. Muck it up, get a nerdy pseudo-friend to clean it up again. Of course then the user is usually subjected to endless barbs about mistreating the poor little thing. Or about being an irresponsible computer owner who should be defragging and updating rather than taking the kids to the park or the wife out to a nice restaurant. Oh well such is life ... them that's got one lives it; them that don't just worry about footprints and antennas.

    1. adnim

      I also use Foxit, but beware...

      Some of the vulnerabilities of Adobe PDF reader have been present in Foxit too.

      The JBIG buffer overflow vulnerability for one.

      Trust no one, for they really are out to get you, or your PC or your mother's maiden name ;-)

  5. demo

    Reminds me of flash player

    They can't even update their 64bit Flash player for Linux, leaving us stuck with 32bit wrapped Flash players (which aren't the kindest of things). Sure there's gnash and swfdec, but they just don't work for YouTube.

    I say we should all look forward for HTML5, Google + YouTube seem to be pushing it forwards. In fact the only Adobe product I will ever use is Flash player. Yet I only need it for watching YouTube videos because I have no alternative. Begone with Adobe! 90% of Mac + Linux crashes are due to Adobe software.

    Adobe just seem to be spreading potential back-doors to almost every system available lately.

  6. gollux

    "powerful functionality relied on by some users."

    Like all our friendly computer scammers, crooks, malware writers and industrial espionage operators. The rest of the computing world won't miss it at all...
