Hope you're over that New Year's hangover – there's an Adobe PDF app patch to install

Adobe has issued its first patch of the year, emitting fixes for a pair of high-risk vulnerabilities in Acrobat and Reader. The APSB-02 security bundle is being recommended as a high-priority fix, so install it as soon as you can. The two CVE-listed bugs haven't been targeted in the wild yet so admins are advised to get the …

  1. A.P. Veening Silver badge

    Adobe still existing

    Can anybody explain to me why Adobe still exists and hasn't gone bankrupt long since?

    1. Anonymous Coward

      Re: Adobe still existing

      IIRC they have proved that making Photoshop a subscription limited licence is a better revenue stream than selling one-off unlimited life licences for new releases. IIRC with a subscription you lose the use of the tools if you discontinue your subscription. Not sure if they have done the same with PDF editing software.

      The cloud on the horizon for Windows users is that Microsoft seem to be edging that way too.

    2. Jonathon Green

      Re: Adobe still existing

      PDF has got to be the best, most finely honed malware delivery vehicle available and Adobe have clearly put a tremendous amount of work into extending and enhancing its capabilities in exciting, imaginative ways in order to maintain market leadership...

    3. Version 1.0 Silver badge

      Bugs? We likes them ... gotta keep that license active.

      Their mainstream products rely on the license model - corporations had to switch from single use purchase to a small monthly fee ($40/user) to continue using them. The monthly fees are paid by credit card and unless someone looks very carefully at the corporate credit card statements, they continue with the licenses forever ... even if the original user stopped using any of the applications.

      Do the math, $40 times 10,000,000 users each month (and that's a conservative estimate).

  2. Mephistro Silver badge

    " ...APSB-02..."

    That patch version code is far too short for an Adobe product!!!

    1. Rich 11 Silver badge

      Re: " ...APSB-02..."

      Maybe it's a tiny, tiny, tiny patch for a tiny, tiny, tiny bug.

  3. Anonymous Coward

    Shouldn't the Reader do just that

    Never in the history of IT have I known a product that needs patching as regularly as Acrobat reader. Adobe should have nailed this on version 0.1 - it's only supposed to read PDF files and that's it. Nothing else.

    1. Jonathon Green

      Re: Shouldn't the Reader do just that

      Have you ever looked at the PDF spec? I wouldn’t blame you if you haven’t by the way, because A) you’ve got to pay ISO a not inconsiderable amount for the privilege, B) it’s very, very, very large, C) it’s boring, and D) it’s not always terribly clear...

      Highlights include the ability to silently execute arbitrary code (either on opening the document or when specific triggers (reaching a particular page, clicking on a word/phrase, etc, etc) occur), playing external media content, opening web pages, access to the local file system, and exporting data through http post requests. Rendering documents on the screen (while supposedly the primary purpose, what most people think it does, and what most users do with it) barely scratches the surface, and even if Adobe Reader (and any third party code or OS APIs it uses) was coded perfectly it would still provide numerous opportunities to compromise any system it’s installed on just by strict compliance with the spec...
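
A defender's triage for the spec features listed in the comment above, as an added example that is not part of the thread or any poster's code: it counts the PDF name keys that enable those features, decoding `#xx` name escapes first. The key table, function names and sample bytes are constructed for illustration, and the scan only sees uncompressed objects, so keys inside compressed object streams are missed.

```python
import re
from collections import Counter

# PDF name keys grouped by the capability they enable (names from the PDF spec).
ACTIVE_KEYS = {
    "OpenAction": "runs an action when the document opens",
    "AA": "additional actions fired by page/field triggers",
    "JavaScript": "embedded script",
    "JS": "embedded script",
    "Launch": "starts a local application or file",
    "GoToR": "opens another (remote) file",
    "URI": "opens a web address",
    "SubmitForm": "sends form data to a URL",
    "RichMedia": "embedded media content",
}

# A name is "/" followed by regular characters (no whitespace or delimiters).
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so /J#61vaScript is counted as /JavaScript."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def triage(pdf_bytes: bytes) -> Counter:
    """Count active-content keys in the uncompressed parts of a PDF."""
    hits = Counter()
    for m in NAME_RE.finditer(pdf_bytes):
        name = decode_name(m.group(1))
        if name in ACTIVE_KEYS:
            hits[name] += 1
    return hits


# Constructed sample: a fragment of PDF object syntax, not a real document.
SAMPLE = (
    b"1 0 obj << /Type /Catalog /OpenAction 2 0 R /AA << /O 3 0 R >> >> endobj\n"
    b"2 0 obj << /S /J#61vaScript /JS (placeholder) >> endobj\n"
    b"3 0 obj << /S /SubmitForm /F (http://example.invalid/collect) >> endobj\n"
)

if __name__ == "__main__":
    for key, count in sorted(triage(SAMPLE).items()):
        print(f"/{key:<12}{count}  {ACTIVE_KEYS[key]}")
```

A non-empty result is a reason to open the file in a hardened or sandboxed viewer, not proof that it is malicious.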

      1. entfe001

        Re: Shouldn't the Reader do just that

        And who the hell put all that crap on the PDF spec and why? If PDF is supposed to be a "paper-on-screen" format, I can't think of any kind of tangible paper sheet that executes code or connects to remote servers.

        Then, if PDF is not anymore a "paper-on-screen" thing, we need another one that just does that and nothing else.

        1. Anonymous Coward

          Re: Shouldn't the Reader do just that

          PDF is (was) primarily about determining how a printed page should look.

          PDF Readers tend to provide a less strict interpretation of the spec with the emphasis on displaying something rather than showing it correctly.

          As mentioned above the PDF spec nowadays also covers multi-media, hyper-links, and other shinies.

  4. elvisimprsntr

    Glad I excommunicated anything Adobe and M$ long ago.

  5. Spacedinvader

    Reboot required

    It's a fucking PDF reader for crying out loud!

  6. Rajesh Kanungo Bronze badge

    Case for a Minimalistic PDF Reader?

    Is there a way we can get a minimalistic PDF reader that just renders stuff. No code execution, no access to local files, etc.? Oh, you mean documents which include other documents? Should be a local file read ... if other software can safely access files Adobe can too.

    Adobe seems to have done a good job capturing the market and then doing everything possible to give it away. I once was invited to a security Webinar requiring me to install Adobe Flash. I sent Intel a polite note explaining the problem ...

    1. BlueTemplar

      Re: Case for a Minimalistic PDF Reader?

      I'm fond of SumatraPDF... but it would seem that it's the PDF specifications themselves that are the problem!

      1. Tree

        Re: Case for a Minimalistic PDF Reader?

        Adobe Acrobat Reader 4 is the best, because it won't do those nasty things to your computer. It won't even play Real media files. It is a very small - only 2.2 mb. program that's fast and simple. It won't connect itself to the internet. Why do they make the bloatware? Who would pay $500+ to read a document? Who needs a huge array of tools?

  7. redpawn Silver badge

    Because they Love You

    Adobe through the goodness of their heart adds bad code to every project so you will appreciate good code more. This hurts their business but they know in the long run the computing universe will be better off and you will be motivated to produce better code.

