Slashdot Mirror
Adobe Finally Fixes Remote Launch 0-Day
Trailrunner7 sends in this excerpt from Threatpost (Adobe announcement here): "Adobe today shipped a critical Reader/Acrobat patch to cover a total of 17 documented vulnerabilities that expose Windows, Mac, and Unix users to malicious hacker attacks. The update, which affects Adobe Reader/Acrobat 9.3.2 and earlier versions, includes a fix for the outstanding PDF '/Launch' functionality social engineering attack vector that was disclosed by researcher Didier Stevens. As previously reported, Didier created a proof-of-concept PDF file that executes an embedded executable without exploiting any security vulnerabilities. The PDF hack, when combined with clever social engineering techniques, could potentially allow code execution attacks if a user simply opens a rigged PDF file." Relatedly, Brian Krebs blogs about the downsides of Adobe's increasingly Byzantine update process.
Why is every unpatched exploit a 0-day attack? Wouldn't this be more like a multi-month exploit?
Copyright 2010. All rights reserved. This comment may not be copied in any way including, but not limited to caching.
For the 90% of us who don't require all the minutiae of functionality and cruft which Adobe Reader offers, there are options. Obviously Mac folk are covered by Apple's built in Preview, but on Windows, Sumatra PDF is amazing and ridiculously small. It's better than Foxit, in my opinion, for barebones PDF viewing in Windows. Check it out! http://blog.kowalczyk.info/software/sumatrapdf/index.html
And doing just a bit of research - Foxit only fixed this exact same bug 2 weeks earlier than Adobe.
The MSP Installer is also available for those who may use Adobe Reader in silent installs/updates.
Side rant: Why does Adobe still only offer the unpatched versions of Reader on their front page?
Prove it.