Slashdot Mirror


Adobe Warns of Security Flaw in Reader

isusmiley writes "Adobe Systems Inc. issued a warning on its Web site Tuesday saying that the flaw affects only the Adobe Reader versions 5.0.9, 5.0.10, which were written for the Unix computer operating system. Adobe has since posted a fix for the vulnerability on its site, and a spokesman said Wednesday he was unaware of any security breaches resulting from the software flaw, which was discovered by the security defense firm IDefense, headquartered in Reston, Va."


  1. Note by Otter · · Score: 2, Funny
    Current versions for Linux and Solaris seem to be OK, anyway. It's the current AIX and HP-UX versions that are bad.

    So much for 2005 being The Year Of AIX On The Desktop!

  2. Oh good by Dammital · · Score: 2, Interesting
    Adobe's recommendation is to replace their vulnerable version 5 reader with the spyware version 7.

    That's progress. Of a sort.

    1. Re:Oh good by MoonFog · · Score: 2, Interesting

      And even with the spyware, the Linux version is still incapable of opening DRM'ed ebooks, seeing how it appears to be locked in with MS passport.

  3. Just remember... by jd · · Score: 3, Informative
    There is a Layer 7 patch for Linux that will allow you to filter network traffic by application type. You should be able to use an unpatched IPTables to filter anything outbound from acroread anyway, but I'm not sure if this would catch everything that can include Acrobat internally. Either way, you can make it very very hard for Acrobat-based spyware.


    I would also suggest lobbying the UN to have Javascript declared a crime against humanity, but that might take longer to be effective.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  4. I'll see your flaw, and raise you DRM by hacker · · Score: 4, Interesting
    "Adobe has since posted a fix for the vulnerability on its site, and a spokesman said Wednesday he was unaware of any security breaches resulting from the software flaw..."

    Two words: Show me.

    Prove that the "flaw" exists. Just saying "Clicking on the whatchamacallit causes bad things to happen, please upgrade." isn't enough.

    Show me that this isn't some FUD to force users to upgrade to a version that isn't riddled with the latest DRM that they "forgot" to put into those versions?

    Show me that this version doesn't fix a vulnerability that exposes passwords in PDFs read with it.

    Show me that this isn't more ass-covering by Adobe, again.

    Until then, xpdf, gpdf and other non-Adobe variants are all working fine. Nothing to see here, move along.