Slashdot Mirror


Adobe Flaw Heightens Risk of Malicious PDFs

snydeq writes "Security companies warn of a new flaw in version 9 of Adobe Reader and Acrobat that could compromise PCs merely by the opening of a malicious PDF. Although attacks are not yet widespread, hackers are exploiting the flaw in the wild, gaining control of computers via buffer overflow conditions triggered by the opening of specially crafted PDFs." Adobe is calling the flaw "critical" and says a patch for Reader 9 and Acrobat 9 will be released by March 11.

3 of 193 comments

  1. Sigh... still no basic sandboxing by Ed Avis · Score: 5, Interesting

    And why exactly does Adobe Reader run with full permissions to all the user's files? Surely by now Adobe would have learned to run it in a sandbox. For example, the code that reads and renders the PDF could run in a separate process (a la IE8 or Google Chrome) and just send image data back to the main window.

    More generally, the OS needs to make it completely easy to sandbox applications, so even the stupidest application developer can do it with little effort. Indeed, the default should be that it has no access to write files anywhere except those chosen by the user with the Save As box. I'm not holding my breath though...

    --
    -- Ed Avis ed@membled.com
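The separate-process rendering idea from the comment above, as an added example (not the commenter's code and not Adobe's): the untrusted document is parsed in a forked child that has given up the ability to open or grow files, and the parent accepts only a fixed-size bitmap over a pipe. `toy_render`, the `%DOC` header and `IMG_BYTES` are hypothetical stand-ins, and resource limits alone are a minimal lockdown, not a complete sandbox.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>
#define IMG_BYTES 16 /* fixed-size "bitmap" the parent expects (assumption) */

/* Hypothetical stand-in for a complex parser; it only ever runs in the child. */
static void toy_render(const unsigned char *doc, size_t len, unsigned char *img) {
    if (len < 4 || memcmp(doc, "%DOC", 4) != 0)
        abort();                       /* simulated parser crash on malformed input */
    memset(img, 0, IMG_BYTES);
    for (size_t i = 4; i < len; i++)
        img[i % IMG_BYTES] ^= doc[i];  /* toy "pixels" derived from the body */
    img[0] = open("/", O_RDONLY) >= 0; /* probe: can the renderer open anything? */
}

/* Returns 0 and fills img on success, -1 if the renderer crashed or misbehaved. */
int render_sandboxed(const unsigned char *doc, size_t len, unsigned char img[IMG_BYTES]) {
    int p[2];
    if (pipe(p) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(p[0]); close(p[1]); return -1; }
    if (pid == 0) {                    /* child: lock down before touching input */
        struct rlimit zero = {0, 0};
        unsigned char out[IMG_BYTES];
        close(p[0]);
        /* No new descriptors, no file growth; the already-open pipe still works. */
        if (setrlimit(RLIMIT_NOFILE, &zero) || setrlimit(RLIMIT_FSIZE, &zero))
            _exit(2);
        toy_render(doc, len, out);
        _exit(write(p[1], out, IMG_BYTES) == IMG_BYTES ? 0 : 3);
    }
    close(p[1]);                       /* parent: trust only a complete bitmap */
    ssize_t n = read(p[0], img, IMG_BYTES);
    close(p[0]);
    int status;
    if (waitpid(pid, &status, 0) != pid) return -1;
    return (n == IMG_BYTES && WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main(void) {
    unsigned char img[IMG_BYTES];
    int good = render_sandboxed((const unsigned char *)"%DOChello", 9, img); /* constructed input */
    int bad = render_sandboxed((const unsigned char *)"JUNK", 4, img);       /* constructed input */
    printf("good=%d bad=%d open_in_child=%d\n", good, bad, img[0]);
    return 0;
}
```

A crash in the renderer costs the parent one failed call rather than the whole process, and the probe byte shows that the child could not open a file after the lockdown.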
  2. Patch by March something? by rjune · Score: 5, Interesting

    Today is February 20. This is listed as a critical flaw and they are taking 18 days to release a patch. I'm glad they're getting right on this.

  3. Adobe should separate pdf and acrobat more by goombah99 · Score: 4, Interesting

    PDF has become what it set out to be, the de facto truly portable document format.

    The problem is acrobat keeps larding in new features all the time to the point where in a corporate environment you get more and more pdfs that require acrobat to even see.

    it's an embrace and extend approach.

    the problem here is the problem microsoft occasionally runs into-- if you monocrop then there is huge exposure to the possibility that viruses can spread like wildfire.

    But with microsoft we were always in that boat from the first day they introduced it. microsoft docs always went hand in hand with the application software environment creating a stable ecosystem for any potential virus. (I use the term virus liberally)

    with pdf this was not the case. Pdf is a format. there are many readers.

    but adobe's constant ratcheting of add ons is threatening this.

    --
    Some drink at the fountain of knowledge. Others just gargle.