Slashdot Mirror


Adobe Confirms PDF Zero-Day, Says Kill JavaScript

CWmike writes "Adobe Systems has acknowledged that all versions of its Adobe Reader, including editions for Windows, the Mac and Linux, contain at least one, and possibly two, critical vulnerabilities. 'All currently supported shipping versions of Adobe Reader and Acrobat, [Versions] 9.1, 8.1.4 and 7.1.1 and earlier, are vulnerable to this issue,' said Adobe's David Lenoe in a blog entry yesterday. He was referring to a bug in Adobe's implementation of JavaScript that went public early Tuesday. A "Bugtraq ID," or BID number has been assigned to a second JavaScript vulnerability in Adobe's Reader. Proof-of-concept attack code for both bugs has already been published on the Web. Adobe said it will patch Reader and Acrobat, but Lenoe offered no timetable for the fixes. In lieu of a patch, Lenoe recommended that users disable JavaScript in the apps. Andrew Storms, director of security operations at nCircle Network Security, said of the suggestion in lieu of patches, 'Unfortunately, for Adobe, disabling JavaScript is a broken record, [and] similar to what we've seen in the past with Microsoft on ActiveX bugs.'"

13 of 211 comments

  1. Good idea... by idontgno · · Score: 1, Funny

    kill Javascript.

    And while you're at it, deep-six the rest of that Web 2.0 crap.

    Just not on my lawn, you crazy kids!

    --
    Welcome to the Panopticon. Used to be a prison, now it's your home.
  2. Why do PDF readers need Javascript? by serutan · · Score: 5, Funny

    Having never handled PDF documents except to read them, I wasn't even aware they could contain Javascript. I don't understand why they need to. Jeez, are we going to get to the point where it's not safe to go to the bathroom because the toilet can execute Javascript?

    1. Re:Why do PDF readers need Javascript? by Red+Flayer · · Score: 5, Funny

      Jeez, are we going to get to the point where it's not safe to go to the bathroom because the toilet can execute Javascript?

      That didn't sound so bad. Until I thought about stack overflow vulnerabilities.

      --
      "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
    2. Re:Why do PDF readers need Javascript? by PotatoFarmer · · Score: 2, Funny

      You'll be fine unless there's a buffer overflow. Though I suppose remote execution would be a problem if you're in the shower and some jackass decides to flush an output stream.

    3. Re:Why do PDF readers need Javascript? by RobBebop · · Score: 3, Funny

      Jeez, are we going to get to the point where it's not safe to go to the bathroom because the toilet can execute Javascript?

      Woah now! Don't let the cat out of the bag too early. Considering how far toilets have come over the century, you'll be happy with a little Javascript injection turning your toilet into a Spam Zombie.

      Let's review:

      1. Toilet 0.0: A bush. Possible attack vectors include bee stings and bear claws.
      2. Toilet 1.0: A hole in the ground. Insects and burrowing creatures stung and bit you when you dug your hole too close to them.
      3. Toilet 2.0: The community toilet. Walls give you privacy, but god awful smells make it painful to use.
      4. Toilet 3.0: The Flush Toilet. Don't put too much in or it overflows.
      5. Toilet 4.0: The Autoflush Toilet. Same as previous, but multiple flushes each time you try to wipe yourself.
      6. Toilet 5.0: (coming soon) Internet Integrated Diagnostics Toilet. Javascript vulnerabilities and toxic Chinese workmanship.
      --
      Support the 30 Hour Work Week!!!
  3. Re:Can we always kill javascript? by doi · · Score: 2, Funny

    You mean like TEX?

    --
    A man's reach must exceed his grasp, or what's an erection for?
  4. Re:Can we always kill javascript? by jeffb+(2.718) · · Score: 2, Funny

    Oh, fine. Next you'll be telling me that you don't want moving parts in your books. Well, maybe you can explain to my little boy why Mr. Giraffe won't wake up when we open that page in Happy Fun at the Pop-Up Zoo!, or why Baby Roo won't peek out of Mama Roo's pouch any more.

    Besides, we've already learned to skip the page with Mr. Angry Monkey.

  5. Re:Ditch Acrobat... by Gordo_1 · · Score: 3, Funny

    Bloated? I don't think one should describe what Adobe has done to Acrobat Reader simply as "Bloat". I suggest redefining the term as a verb with a tip of the hat to the new masters, as in "you silly hack, you've adobed your software!"

    After getting fed up with Reader in the wake of the Feb. 19th PDF remote exploit notice (http://www.adobe.com/support/security/advisories/apsa09-01.html/) I decided to install FoxIt (I know, proprietary, not open source goodness)... But anyway, when I went to uninstall Adobe Reader, Windows claimed it to be taking up 221MB on my hard drive. 221 Megabytes! For a document reader!?

    After installing FoxIt, Windows claims that it takes up only 7.15MB, which I corroborated by checking the size of the install directory. For the life of me, I can't figure out what exactly it is that Adobe Reader does that FoxIt doesn't. They're functionally identical so far as I can tell. So what in god's name is Adobe doing with that extra 200 megabytes of disk space?

  6. Re:Ditch Acrobat... by OakDragon · · Score: 4, Funny

    Adobe is really slow about security patches on Acrobat.

    Have you updated the Adobe Updater? Perhaps what we need is an updater to update the Adobe Updater.

  7. Re:Ditch Acrobat... by Anenome · · Score: 3, Funny

    "So what in god's name is Adobe doing with that extra 200 megabytes of disk space?"

    I shouldn't really be telling you this, but there's an easter-egg video involving Carrot Top hidden somewhere in Adobe Reader. Call it a result of the 'more megabytes = more powerful' school of software management :P

    --
    "I Don't Have Enough Faith to be an Atheist"
  8. Re:Ditch Acrobat... by Anonymous Coward · · Score: 1, Funny

    pr0n that a developer accidentally committed.

  9. Obligatory by NoobixCube · · Score: 2, Funny

    Im on ur drive... eatin ur sectorz! om nom nom.

    --
    Admit it. You post strawman arguments as AC so you get modded Insightful for refuting them, rather than Troll
  10. Re:Ditch Acrobat... by Toonol · · Score: 2, Funny

    It'll be horrible, but I really want to see an implementation of this.