AP - Flaw found in Adobe Acrobat PDF format

Allows attacks on personal computers through trusted Web links

Updated: 58 minutes ago

SAN FRANCISCO - Computer security researchers said Wednesday they have discovered a vulnerability in Adobe Systems Inc.'s ubiquitous Acrobat Reader software that allows cyber-intruders to attack personal computers through trusted Web links.

Virtually any Web site hosting Portable Document Format, or PDF, files are vulnerable to attack, according to researchers from Symantec Corp. and VeriSign Inc.'s iDefense Intelligence.

The attacks could range from stealing cookies that track a user's Web browsing history to the creation of harmful worms, the researchers said.

The flaw, first revealed at a hacker conference in Germany over the holidays, exists in a plug-in that enables Acrobat users to view PDF files within Web browsers.

<snip>
They recommended that users protect themselves by upgrading Internet Explorer or changing Firefox's user options so the browser does not use the Acrobat plug-in.

http://www.msnbc.msn.com/id/16464910/

I prefer to use http://www.foxitsoftware.com/pdf/ over adobe.

Anyone else get this reply?

The actual link is http://www.foxitsoftware.com/pdf/rd_intro.php

Welcome to DU!! :toast:

They have an advantage when you have a need to print a document, but for just about any other function, PDF sucks like the black hole at the middle of our galaxy.

Biggest gripe I have is linking a reference to a PDF file. There are certain documents at work that I have to reference on a regular basis, usually in functions where speed is a necessity, and about 25 percent of the documents are in PDF format and every single time, I end up having to wait and wait and wait and it's damned annoying.

So having a local copy would be a non-starter.

http://en.wikipedia.org/wiki/List_of_PDF_software

I used to use them a lot, because Adobe Reader (formerly Acrobat) used to soak up comparatively huge amounts of memory and not give it back. Plus, Adobe has never fully explained why Reader wants to constantly transfer information between your computer and home base.

Now, however, I just set my firewall to never, ever let Reader access the Internet. It doesn't seem to prevent .pdf files from being viewed, it just keeps Reader from carrying on its illicit conversation with the Mothership (I hope).

the typeface or do any other options that make pdf files easy to read.

the one that lets it continue to run in the background hogging resources even after you have closed out the pdf.

:mad:

I would never use it myself, but I understand it is the standard for academic/technical/official applications. It just tends to hang my pc's memory or processor more than any other app I can think of.

That's adobe's reader that sucks up the resources. It's been like that since version 6. Not sure why they decided to go to total bloatware on it. There are 'better'/lighter readers out there though...


PDF is a popular format for ebooks. I prefer chm(mickeysoft compiled html) but often times publishers create an e-copy in PDF format.

I make dozens and dozens of PDFs each and every week --- and do not find that it hangs up anything (Mac).

I send my customers proofs of their design jobs, and I wouldn't know what to do without it.

but on every pc I have owned (W95 - XP), opening Adobe Reader almost invariably will result in a noticeable loss of memory and/or processor performance.

> I make dozens and dozens of PDFs each and every week ---
> and do not find that it hangs up anything (Mac).

Are you sure you're not viewing those PDFS with "Preview"?
By ddefault, a Mac will use that rather than Adobe Reader
to view PDFs and Preview is *MUCH* faster getting rolling.

Adobe launches and then wastes time trying to convince me
to update the latest version to the latest version {sic}.

Tesha

My Mac is lightning fast when i tell it to use Preview to open up a PDF... but when i use Acrobat, YIKES it takes forever! My OS is only 10.2.8, so i can't get the most recent Reader (yes i'm sick of the update pane too). Chalk me up as someone who will be looking for another Reader. Though i won't be worrying about viruses or worms with my Mac... :)

"Adobe launches and then wastes time trying to convince me
to update the latest version to the latest version {sic}."

>> Adobe launches and then wastes time trying to convince me
>> to update the latest version to the latest version {sic}.

> Yes, that's happening on my husband's computer. WTF???

It's Reader. I've had the same difficulties on Windows/XP
as on MacOS/X. Yeah Adobe! :(

Tesha

(3.0)

Works great for me, so why spend money on an upgrade that apparently stinks.

lost interested in reading the document in the first place

http://kb.mozillazine.org/Adobe_Reader

under "Disabling the browser plugin".

Most of them involve acrobat staying open and slowing down my browser... ^_^;;;;

I'm always having one problem or another with it.

When you are used to using open source software you come to forget how absolutely awful 99% of proprietary software is, and Acrobat is certainly in that 99%. I use Ghostview and Evince instead.

I have been warning against all of the PDF and SWF apps as security risks. Even fully patched, they have inherent security problems that affect not just MS Windows, but also Mac and Linux.

The biggest peril with the Adobe products is ActionScript, a programming language that was designed to execute within Flash. It has various security gaps, particularly when combined with JavaScript. The security discussions at Adobe are mostly PR. For every hole that AS 3.0 closed, it opened several new ones, ripe for attack.

It is not just the Adobe add-ins that are at risk. There have been several SWF or PDF addins which were themselves malware of some type, so be wary of them, too.

BTW I use ghostview on Linux when I must view PDF. Try to avoid SWF whenever I can. I mostly use w3m as my browser, so I am terminally paranoid.