Thursday, August 5, 2010

Is it time to dump Adobe Reader in favour of an alternate PDF reader?

Patching Adobe products is just getting OLD (not to mention expensive). FWIW I use both the Foxit Reader and the Sumatra PDF viewer rather than Adobe Reader on Windows.

Adobe confirms critical flaw in Reader and Acrobat - SC Magazine US
The vulnerability affects the current version of the software, Adobe Reader 9.3.3, and earlier versions for Windows, Macintosh and UNIX, Adobe said. It also affects Adobe Acrobat 9.3.3 and earlier versions for Windows and Macintosh. There are no reports of the bug being exploited in the wild.

Adobe - Security Bulletins: APSB10-17 - Security Advisory for Adobe Reader and Acrobat
Adobe is planning to release updates for Adobe Reader 9.3.3 for Windows, Macintosh and UNIX, Adobe Acrobat 9.3.3 for Windows and Macintosh, and Adobe Reader 8.2.3 and Acrobat 8.2.3 for Windows and Macintosh to resolve critical security issues, including CVE-2010-2862 which was discussed at the Black Hat USA 2010 security conference on Wednesday, July 28, 2010. Adobe expects to make these updates available during the week of August 16, 2010.
Sunbelt Blog: Living with the iPhone .pdf vulnerability
Apple is working on a fix for the much-publicized .pdf vulnerability in the iPhone – and might be putting the finishing touches on one – but it looks like it might be a while before it is available.

This isn’t a small problem. There could be nearly 100 million vulnerable iPhones and iPod Touches out there at this point.
Adobe Acrobat Font Parsing Integer Overflow Vulnerability
PDFs containing specially crafted TrueType fonts can trigger this vulnerability.
Adobe readies emergency fix for critical PDF Reader security hole | ZDNet
On the heels of a Black Hack conference presentation where researcher Charlie Miller (left) provided details of an exploitable vulnerability in Adobe’s PDF Reader software, the company plans to ship an out-of-band patch to ward off malicious hacker attacks.

No comments: