What does code have to do
to get the full Gold Medal winning 10.0 rather than a measly 9.8?
Adobe has released an out-of-band security update for Adobe Commerce and Magento Open Source to address active exploitation of a known vulnerability, and Google has an emergency issue, too. Security Bulletin APSB22-12 fixes CVE-2022-24086, rated 9.8 (critical) out of 10 on the CVSS scale. Adobe has not released details about …
The fundamentals behind all this is due to the fact that the programmers do not use tools that help mitigate these issues - it is up to the programmer to properly implement tight memory controls in C, for example.
As I keep voicing aloud, the only way to solve these problems is to bake security in from the start, in the platform, such as Rust.
Not that I suggest anyone touch the thing with a barge pole, but did anyone notice that Adobe Reader DC now requires you to get a paid version to rotate pages for viewing.
You know, a feature that has existed since version 1.0 on Windows 3.1?
Other readers for the file format are available.
Unfortunately there are times when it does not work. Our Revenue Services insists on using the latest and greatest of Adobes fine products, and the only reader that can open it has to be the latest and greatest. Until last year they still insisted on using Flash(!) - as you all know, the most bug-ridden and insecure piece of software anywhere in the universe. They were so beholden with Flash that Adobe actually wrote a special version just for them. Luckily they finally relented and migrated to HTML5, but there are still applications (on the commercial side) that require Flash.
Adobe stopped adding the latest and greatest features to their linux version a long time ago. If I receive documentation from SARS, I am forced to use SWMBO's Windows machine.
My go-to PDF reader is Okular, which works well for my limited use of PDF's (in fact, the only PDF's I cannot open come from SARS).
I gave Evince and Atril a whirl (luckily they were in Mageia's depository; I had never come across them before, so thanks for that). Unfortunately neither of them could open SARS documents either.
Atril did upset me, though, as it silently, and without even a by your leave, elected itself as the default PDF reader. I hate programs that do that, so Atril had been consigned to the dump.
Now where is the steam coming out of the ears icon? Aaah, found it!
I can't speak for "protected" docs using very latest Adobe crud, but for general reading; Firefox does an awful lot better than Adobe DC.
And, for "thin client" the excellent Sumatra PDF is about as condensed as a modern application can be.
I do find it awfully strange how people never learn from the proprietary lock-in problem. It's not as though it's a recently discovered threat to your operating costs.
Biting the hand that feeds IT © 1998–2022