back to article Unofficial fix brings temporary relief for critical Adobe vuln

Security researchers have released what they say is an unofficial fix for the critical Adobe Reader vulnerability that's being actively exploited to install malware on machines running Microsoft Windows. The download replaces a buggy strcat call in a font-rendering DLL module with a more secure function, according to this …

COMMENTS

This topic is closed for new posts.
  1. roknich
    Pint

    Read your acrobat docs on a linux machine

    this is particularly easy on Ubuntu desktop 8.04.

    linux provides several "readers" that require no thought to use or install

    just use the default.

    1. Anonymous Coward
      Go

      Evince Also Works On Windows

      just download it.

  2. Anomalous Cowturd
    Pirate

    Never a truer word spoken

    > It's also worth pointing out that the vast majority of Reader users could protect themselves by using an alternative PDF viewer that isn't as widely targeted.

    Foxit, Evince, and many more.

    All aboard the Skylark!!!

  3. Anonymous Coward
    Pint

    Is Acrobat 5.1 vulnerable?

    I still use it, because it can still read all the documents I need to read, but comes without all the new-fangled bloatware and all the man-years of vulnerabilities associated with the bloatware. I did try Foxit but me and it didn't get on, so it just seemed simpler to go back to Acrobat 5.1.

  4. Keith T
    Thumb Down

    Adobe looks really ridiculous

    I mean, Adobe Reader isn't doing anything truly complicated, it isn't an operating system, it doesn't even author .PDFs.

    But even with such a relatively simple product, Adobe is having problem after problem and is extremely slow with fixes.

    1. Steen Hive
      Thumb Down

      Relatively simple?

      Have you *seen* the mountains of cruft that pos installs on a machine? Granted, very little of it has anything to do with reading PDFs - but it's still there, hogging resources, painting big bullseyes on your bank-account details.

    2. asdf
      Flame

      because Adobe follows industry worst practices

      Adobe was a pioneer of offloading their code development to India to the lowest bidder. Surprise surprise code monkey hacks produce spaghetti code that is full of bugs that take forever to find and patch correctly. Now their software is the worse in the industry and the only mystery is why the hell is it on so many boxes. Always one of the first steps to securing a computer is to check and recheck that no Adobe software is installed. If it is no matter what you do the box can't be locked down.

  5. Smooth Newt Silver badge
    Pint

    Adobe Reader

    Three weeks for a simple fix to critical, currently exploited patch seems like taking the piss.

    But maybe Adobe have worked out that this type of problem doesn't actually affect their core business or their revenues.

    After all it is not going to affect Adobe Acrobat Writer sales. The reader is just a loss leader, Adobe aren't actually going to make any money out of fixing it.

  6. Anonymous Coward
    Go

    List Of Adobe Reader Fixes For Windows

    Evince:

    http://download.gnome.org/binaries/win32/evince/2.30/evince-2.30.3.msi

    (strongly suggested)

    xpdf:

    ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4-win32.zip

    Google Chrome dev version:

    http://www.google.com/chrome/eula.html?extra=devchannel

    GSView:

    http://mirror.cs.wisc.edu/pub/mirrors/ghost/ghostgum/gsv49w32.exe

  7. roknich
    Big Brother

    Warehouse of Bad Code

    "Adobe was a pioneer of offloading their code development to India to the lowest bidder."

    Ok, then tell me what do they keep in that large building down the street from the Caltran in San Jose?

  8. Tom 7 Silver badge

    Another victory for Pointless Document Format

    its a computer not a filing cabinet - get paper shaped shit in the recycling bin where it belongs.

  9. Anonymous Coward
    Thumb Up

    Sumatra PDF Reader

    Open source, free, no install required, no iffy browser toolbar options, portable. It just works.

  10. Ross 7

    Brick?

    Rather weird claim in the article.

    Testing the patch / update is a thoroughly good idea, and apparantly something they've not done before given the quality of output we get from Adobe. However, testing it to make sure it doesn't brick any Win installations?!

    It takes some pretty impressive coding to brick an OS from ring-3 these days.

    And who the hell uses strcat and its ilk outside of homebrew kludge-ware intended for personal use only?! When did Aleph1 explain buffer overflows in extremely simple terms? 10 years ago? Pretty sure he advocated keeping well away from strcat, sprintf etc. Organisations the size of Adobe have ridiculous numbers of policies and procedures when it comes to coding - surely that should include the public flogging of anyone using such functions...

    1. Anonymous Coward
      Heart

      Foxit rocks

      Really nice, light weight reader.

    2. Anonymous Coward
      Stop

      Errm, No

      They might have any number of ridiculous beancounting regulations, but coding is normally handled very, very informallly. What counts in the end is to deliver features on time. New Features => SALES !

      That's how it was in the 80s when people like Warnock and Gates grew their businesses. They still have not changed their mindsets. I doubt they will before they die.

      Gates was talking some crap about "Security Development Lifecycle" and it turned out that beneath the shiny GUI we had fermenting flesh from Windows 3.11 in "Windows 7".

      Adobe would only notice if their financial figures changed. As they don't make money with Acroread, why should they ?

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2020