Slashdot Mirror


Adobe Flaw Heightens Risk of Malicious PDFs

snydeq writes "Security companies warn of a new flaw in version 9 of Adobe Reader and Acrobat that could compromise PCs merely by the opening of a malicious PDF. Although attacks are not yet widespread, hackers are exploiting the flaw in the wild, gaining control of computers via buffer overflow conditions triggered by the opening of specially crafted PDFs." Adobe is calling the flaw "critical" and says a patch for Reader 9 and Acrobat 9 will be released by March 11.

9 of 193 comments

  1. Sigh... still no basic sandboxing by Ed+Avis · · Score: 5, Interesting

    And why exactly does Adobe Reader run with full permissions to all the user's files? Surely by now Adobe would have learned to run it in a sandbox. For example, the code that reads and renders the PDF could run in a separate process (a la IE8 or Google Chrome) and just send image data back to the main window.

    More generally, the OS needs to make it completely easy to sandbox applications, so even the stupidest application developer can do it with little effort. Indeed, the default should be that it has no access to write files anywhere except those chosen by the user with the Save As box. I'm not holding my breath though...

    --
    -- Ed Avis ed@membled.com
  2. Patch by March something? by rjune · · Score: 5, Interesting

    Today is February 20. This is listed as a critical flaw and they are taking 18 days to release a patch. I'm glad they're getting right on this.

    1. Re:Patch by March something? by BarryJacobsen · · Score: 2, Interesting

      Today is February 20. This is listed as a critical flaw and they are taking 18 days to release a patch. I'm glad they're getting right on this.

      Much work remains to be done before we can announce our total failure to make any progress!

  3. Adobe should separate pdf and acrobat more by goombah99 · · Score: 4, Interesting

    PDF has become what it set out to be, the de facto truly portable document format.

    The problem is Acrobat keeps larding in new features all the time, to the point where in a corporate environment you get more and more PDFs that require Acrobat to even see.

    It's an embrace-and-extend approach.

    The problem here is the problem Microsoft occasionally runs into: if you monocrop, then there is huge exposure to the possibility that viruses can spread like wildfire.

    But with Microsoft we were always in that boat from the first day they introduced it. Microsoft docs always went hand in hand with the application software environment, creating a stable ecosystem for any potential virus. (I use the term virus liberally.)

    With PDF this was not the case. PDF is a format. There are many readers.

    But Adobe's constant ratcheting of add-ons is threatening this.

    --
    Some drink at the fountain of knowledge. Others just gargle.

    1. Re:Adobe should separate pdf and acrobat more by Anonymous Coward · · Score: 1, Interesting

      "The problem is acrobat keeps larding in new features all the time..."

      One I'm trying to figure out at the moment is how you get Acrobat Reader to let you save a form (like the way an IRS 1040 works) through some F/OSS software. I spent some time looking through the file format specifications, and I've got to say, I don't see it in there. I bet there are other features like that too, maybe?

  4. Who uses Adobe Reader anyway? by mcvos · · Score: 2, Interesting

    Nowadays I read my PDFs with Preview.

  5. Re:JavaScript... by PeeAitchPee · · Score: 2, Interesting

    Because you need some way to describe the logic used in PDF-encapsulated forms. We are not talking about multi-tiered apps which adhere to MVC, mind you -- we're talking about forms which are completely self-contained in a PDF file, such as those created with Adobe's LiveCycle Designer. In LiveCycle Designer's case, you can either use Adobe's proprietary scripting language (which relatively few people already know), or you can use JavaScript (which lots of people already know). I've written a PDF order form, for example, which automatically recalculates the order's total on-the-fly for the customer filling it out in the browser, right on the form and without requiring an Internet connection. Among other things, this cuts down significantly on the volume of sales support calls and increases order accuracy. So, yes, there's really a use case for having a way to express logic in a PDF.
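Inventorying which PDFs actually carry the scripting features this thread argues over is a defender's first step, since, as the order form above shows, blocking them outright is not always an option. The following Python triage script is an added example, not code from the story or any commenter; the active-content name list and the sample PDF are constructed here for illustration.

```python
import re
from typing import Dict

# PDF name objects that introduce scripting or automatic actions. Their presence
# is not proof of malice (the order-form use case is legitimate), but they are
# the features a triage step should surface before a file reaches Reader.
ACTIVE_NAMES = ("/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch", "/EmbeddedFile")
_NAME_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")

def normalize_names(data: bytes) -> bytes:
    """Decode PDF name escapes, e.g. /J#61vaScript -> /JavaScript. A writer may
    hex-escape any character in a name, so a plain substring search is easily
    evaded; decode escapes before matching."""
    return _NAME_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)

def count_active_content(data: bytes) -> Dict[str, int]:
    """Count each active-content name in the raw bytes of a PDF."""
    text = normalize_names(data)
    counts: Dict[str, int] = {}
    for name in ACTIVE_NAMES:
        # A name token ends at whitespace or a delimiter, so /JS is not also
        # counted for a longer name that merely starts with /JS.
        pattern = re.escape(name.encode()) + rb"(?=[\s/\[\]<>(){}%]|$)"
        hits = len(re.findall(pattern, text))
        if hits:
            counts[name] = hits
    return counts

def has_object_streams(data: bytes) -> bool:
    """Objects packed into /ObjStm streams are Flate-compressed, so a raw scan
    cannot see names inside them; report that rather than silently missing them."""
    return b"/ObjStm" in normalize_names(data)

def triage(data: bytes) -> dict:
    return {"active": count_active_content(data), "needs_decompression": has_object_streams(data)}

# Constructed sample (not a real malicious file): a minimal PDF whose catalog
# fires a JavaScript action on open, with /JavaScript hex-escaped in the name.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj
2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj
3 0 obj << /S /J#61vaScript /JS (app.alert('constructed sample')) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

if __name__ == "__main__":
    print(triage(SAMPLE_PDF))
```

A file flagged with `needs_decompression` must be inflated (or parsed with a real PDF library) before its result means anything.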

  6. Irony and opportunity... by TheNetAvenger · · Score: 3, Interesting

    Disclaimer, this is an observation, but may seem a bit of a troll...

    Once again we see market dominance and poor attention to security collide.

    What makes this story interesting is the 'features' Adobe leaves enabled in PDF document features that even Microsoft knows better than to allow.

    This creates the interesting aspect of Adobe losing touch and Microsoft actually getting it for once.

    If you look at the MS XAML (XPS) document/display formats that compete directly with PDF, Microsoft got it right.

    1) Fewer vulnerabilities - the lack of internal to external scripting of XAML and the sandbox nature of the XAML display and print formats dual sandbox the content inside a managed code environment.

    2) XPS is void of scripting which more closely compares to PDF documents.

    3) For print industry and press people, XPS/XAML is still turning heads even as new as it is compared to Postscript/PDF. This is not only in consistent print abilities, but speed as well.

    4) Add all these together and then realize XAML/XPS can inherently draw and reproduce graphics that are outside the abilities of PDF, and Adobe begins to have a reputation problem with companies like Agfa, Xerox, vari, etc.

    (Yes PDF can display anything, but most advanced drawn graphics have to be rasterized because the language cannot inherently draw them. - This also increases the storage sizes and the processing times of high speed printers and presses.)

    *A side note: because of OS X's dependence on Display PDF, it also has the same inherent drawing limitations when dealing with advanced graphics, forcing applications to hack through the native drawing abilities of OS X. In contrast, developers on the Vista Windows side of the market are finding they no longer have to deal with the limitations of GDI+, which is comparable to Display PDF on OS X.

  7. Re:What about Foxit? by terrahertz · · Score: 2, Interesting

    Except that breaks the ability to use chapter-like bookmark links from one PDF to another, which are frequently used in business contexts. So another reminder: Lock your corporate user accounts down as far as you can, because they are going to need every stupid little feature in the world, even if it kills them (and you).

    --
    Slashdot? Oh, I just read it for the articles.