Adobe Flaw Heightens Risk of Malicious PDFs
snydeq writes "Security companies warn of a new flaw in version 9 of Adobe Reader and Acrobat that could compromise PCs merely by the opening of a malicious PDF. Although attacks are not yet widespread, hackers are exploiting the flaw in the wild, gaining control of computers via buffer overflow conditions triggered by the opening of specially crafted PDFs." Adobe is calling the flaw "critical" and says a patch for Reader 9 and Acrobat 9 will be released by March 11.
The "C" programming language is nothing but a glorified assembler. 40 years ago, when core and CPU were at a premium, it was perhaps a good idea to deliberately design it without bounds checking.
Now, in 2009, where we have CPU and RAM coming out the wazoo, there is no reason to keep using that jalopy, except for jock-programmers' egos.
Yet we continue to happily compile and link code that begs for memory leaks and stack overflows. How many man-hours have been LOST to "C" bugs just because some jocks could not be caught dead programming without a safety net???
Back in 1973, Niklaus Wirth created Pascal, which **has** proper bounds checking by default.
When was the last time you heard about a buffer overrun in Pascal?
Current platforms have sufficient power that can afford languages that **SYSTEMATICALLY** have bounds checking.