Here’s a Patch for You, Adobe: \Acrobat\Uninstall.exe
There’s a critical vulnerability in Adobe’s Reader and Acrobat PDF software and at least one zero-day exploit for them in the wild already. Yet Adobe (ADBE) won’t have a fix in place until March 11, and then only for Adobe Reader 9 and Acrobat 9. Patches for earlier versions of the software will arrive sometime after that.
Two and a half weeks or longer to wait for a critical patch.
In the meantime, exploits for the flaw will no doubt grow in number and cunning–a nightmare since the PDF format and Adobe’s related apps are so widely used. “Right now we believe these files are only being used in a smaller set of targeted attacks,” security group Shadowserver said in an advisory on the matter. “However, these types of attacks are frequently the most damaging and it is only a matter of time before this exploit ends up in every exploit pack on the Internet.”
Shadowserver recommends disabling JavaScript in Acrobat and Reader to limit exposure to such attacks. There are, of course, other solutions as well–Foxit for Windows users, Preview for Mac users, and Xpdf for Linux users.





Comments
The default for Linux systems that use the KDE desktop is a slightly spiffier KPDF.
A few years ago when I would install a new Linux the very first thing I would add would be the official Adobe reader for Linux. Lately I’ve found I never need it (for compatibility) and the various open variants tend to be MUCH faster at rendering a page.
Posted by Mac Beach at February 20th, 2009 at 12:26 pm
What is Adobe Acrobat Reader?
Posted by Dave Barnes at February 20th, 2009 at 1:30 pm
My computer came with Preview which I use to view PDFs.
Do I need Acrobat Reader to view PDFs? Why didn’t someone tell me this before now?