Slashdot Mirror

← Back to Stories (view on slashdot.org)

Adobe Flaw Heightens Risk of Malicious PDFs

Posted by kdawson on from the driving-by dept.

snydeq writes "Security companies warn of a new flaw in version 9 of Adobe Reader and Acrobat that could compromise PCs merely by the opening of a malicious PDF. Although attacks are not yet widespread, hackers are exploiting the flaw in the wild, gaining control of computers via buffer overflow conditions triggered by the opening of specially crafted PDFs." Adobe is calling the flaw "critical" and says a patch for Reader 9 and Acrobat 9 will be released by March 11.

3 of 193 comments (clear)

  1. Re:Sigh... still no basic sandboxing by billcopc · · Score: 4, Insightful

    You seem to blindly believe that Adobe is even remotely competent at writing code. If you've ever used Acrobat, you would realize it is a barely-usable resource-thrashing mess.

    Does Ghostview need 150mb of libraries to render a PDF ? No.

    Just because a company is a market leader, does not necessarily mean they know what they're doing. They just know how to sell.

    --
    -Billco, Fnarg.com
  2. March 11? by Culture20 · · Score: 4, Insightful

    That's three weeks away! One week from now, pdfs are going to be on every questionable web page and email attachment. Step up the cycle, Adobe.

  3. Re:Adobe should separate pdf and acrobat more by fuzzyfuzzyfungus · · Score: 4, Insightful

    There are, already, standardized subsets of PDF( PDF/A, PDF/X, PDF/E) which fulfill your request.

    Trouble is, while Adobe does have an incentive to support those, they have no incentive to encourage them as defaults. There are two basic problems: Adobe has an incentive to spread PDF as widely as possible(which creates a strong pressure to tack on additional functions to address expanded use cases) and Adobe only makes money on PDF if you use their software. If, in practice, you can only be confident of being able to manipulate a given PDF with Acrobat, Adobe cashes in. Otherwise, not so much.