85 CVE-listed security vulnerabilities in Acrobat and Reader
Given the quality of previous Adobe security fixes, there will now be at least another 85 new vulnerabilities for the hackers to find.
Adobe has posted an update to address 85 CVE-listed security vulnerabilities in Acrobat and Reader for both Windows and macOS. The PDF apps have received a major update that includes dozens of fixes for flaws that would allow for remote code execution attacks if exploited. Other possible attacks include elevation of privilege …
I left Adobe Reader earlier this year and installed FoxIt Reader instead. WOW - what a difference - fast, easy to use, and FAST!
And FoxIt doesn't "helpfully" hook into the rest of my computer. No more does my CPU and hard drive churn when I just single-click on a PDF in Windows Explorer (I don't even open the damned PDF and Adobe still likes to get involved.)
There are 100's of alternative PDF readers out there. Probably 20+ readers/editors.
PDF is just the format for a file that can be rendered somewhat faithfully.
The readers/editors will all have potential faults in how they handle strange stuff in the incoming file. Each one might be subject to compromise. Don't think that Adobe is the only bad actor, just because it has usually been so.
Nope. The format is actually quite nice. I handle them daily, and have no problems whatsoever.
What IS painful is the most common software combo to handle them – Windows, Office, and Adobe's Acrobat Reader. The irony is that Adobe's free software is one of the worst, given that it was Adobe that developed the format.
there are at least 2 alternatives I'm aware of [atril and evince] and they run on Linux and FreeBSD [although evince may have mono dependencies now, DAMMIT - I use an older version of evince on windows machines, however, and so maybe it's there but I didn't notice]
in any case, PDF is well supported in the open source world. We don't need Adobe's "special sauce" nor their attempts at *SLURP* [why ask me to LOG IN using my E-MAIL ADDRESS just to view a PDF file????]
So yeah, toss Adobe's reader in to the trash and get something that actually WORKS! Atril is my current favorite. That may change if they do something stupid (like include mono dependencies).
>> what are they doing about it prerelease?
Adobe Intern: "Err.. here are the fixes for the 85 bugs in Acrobat and Reader you gave me."
Adobe Manager: "It took you long enough, I gave you that job over an hour ago!"
Intern: "Sorry! What happens now? Do the changes get reviewed and tested?"
Manager: "Ooh hark at you! 'Reviewed and tested'! This is Adobe! We don't need to do nonsense like that, especially since none of them are being targetted in the wild! Now here are 200 bug reports for Flash run-time. I need them fixing before lunch!"
IMPRESSIVE (click bait). So, I've bitten: I can match that, but I have (at least) four reasons NOT to install Adobe Reader in the first place:
1. size of installation file, then the size it takes on my hard drive, all over the place
2. what it does to my registry, trying to be "helpful" without asking (not to me, that's for sure!)
3. time it takes to open a single, FUCKING 1 MB pdf. It's like firing an Apollo 11 rocket to get to local Tesco
4. every now and then read about 85 reasons to patch it
Solution: find a free pdf software that's none of 1 - 4 and live happily ever after. Software such as? Well, google be thy friend! The End.
Ummm.... Don't have it...
I'm on a Mac, which means everything on my machine can handle PDF without the need to install anything, from Adobe or elsewhere (it has been declared one of the essential file formats by Apple ages ago).
Yeah, sure, Apple's software (in particular Preview, which pretty much acts as Mac's Adobe Reader equivalent) has its own share of problems. I'm still a smug bastard about this in particular. I have a LOT less trouble (practically zero) with PDFs than with, say, .doc/.docx. ;)
Your choice of icon is completely appropriate for anything with vi bindings.
I know Adobe software is bad, but it isn't so bad that I would inflict /that/ on myself.
From the point of view of a non-vi user, it makes no sense, yes.
But if you are vi-able, it makes perfect sense to lean toward applications with vi bindings across as much of the ui as possible.
Annoying as I've just learnt a bit more about Group Policy so played with trying to deploy Adobe DC (that was a mistake. Although ended up finding a good guide). Got it working so annoying that now need to apply a patch. But interesting as can now see what an update does to the deployment.
Plenty of alternatives to the sluggish monster that is Acrobat Reader. I really avoid using it at the moment. I am also always annoyed at how it wants to "save changes" to a PDF presentation (made using pdflatex), in which I have edited exactly NOTHING in Acrobat Reader. What does it feel it needs to change to the file? Does it want to add ads? Custom malware? I seriously doubt any addition made by Acrobat Reader would be useful to me in even the widest sense of the word.
But that was about ten years ago.
My bet is that the majority of these new vulnerabilities are in the "enhancements" and new features that Adobe keeps adding to try and hook users into their infrastructure. One of the issues that I have with the modern environment is that the manufacturers are far more interested in trying to get users hooked on their products than writing secure, bug-free software - nobody seems to care about that any more.
Does it still attempt to back everything to the cloud... ie the Adove servers?
It seems to, yes ... though I only use the Android version (because I haven't yet found time to locate an Android PDF viewer that isn't worse -- suggestions please!).
On a recently reset tablet I reinstalled Adobe Reader and was horrified to be confronted with a screen that invited me to sign in to the Adobe Cloud (using a Google, Facebook, or Adobe ID). It took me a while to notice a small, subtle, cross in the top corner of the screen that let me bypass that crap and open the PDF.
that it searched the whole bloody file-system. A stale NFS mount stalled it, that's how I noticed.
mupdf needs to be mentioned here, the fastest pdf reader I have met so far: with simple pdfs it can render at a rate of 100 per second on a decent machine. pdf-movies are possible and totally fun.
I am a completely normal person, thank you for asking -------->
"that it searched the whole bloody file-system"
I became 'slurp-aware' when pre-installed Adobe reader on a reconditioned windows 7 machine asked me for an e-mail address to register with their online services, EVERY! STINKING! TIME! I tried to use it.
The possibility that they're ALSO scanning your network is VERY, VERY, DISTURBING...
[what we need is actual confirmation of their data slurp so that no doubts will remain]
I ditched Acrobat in about 2009 as discovered that there are other much better free software out there to read PDFs.
On the rare occasion I need to edit the content of a PDF document, Libreoffice will open PDF's and let you edit them should you want to. Although the rendering can get messed up with the document uses fonts not present on your computer.
I am curious to know whether these 85 flaws have always been in the software or have been recently introduced to make up for the holes that have already been patched?
It's obviously useful to *someone* to have a piece of software that is almost universally installed on Windows machines and is so exploitable.
Biting the hand that feeds IT © 1998–2020