Google Employees Find 60 Security Holes In Adobe Reader

sl4shd0rk writes "Upon examining the PDF Engine behind Google Chrome, Google employees Mateusz Jurczyk and Gynvael Coldwind discovered numerous holes. This led them to also test Adobe Reader, which turned up around 60 holes which could crash the PDF reader, 40 of them being potential attack vectors. The duo notified Adobe, who promised fixes, but as of the latest updates (Tuesday of this week) for Windows and Macintosh, 16 of the reported flaws are still present (the Linux version has been ignored). To prove it, Mateusz and Gynvael obfuscated the info and released it, saying the unpatched holes could easily be found. The Google employees therefore recommend that users refrain from opening any PDF documents from external sources in Adobe Reader."

Lets get this started...

[nighthawk243]

>Adobe in charge of security.

Irresponsible disclosure

[Hatta]

Google was irresponsible in not publishing these holes immediately so affected users could take steps to mitigate their vulnerability while Adobe put together a patch.

Re:Irresponsible disclosure

[bill_mcgonigle]

maybe they were busy exploiting these holes by sending their competitors PDFs?

Nah, they just used them to bypass Safari tracking protections.

Fucking Slackers!

Those fucking slackers could only find 60 holes in that Swiss cheese? And, they couldn't even bother looking at Flash!

Oops, I have to go. My PC needs to reboot after the third Flash and Reader update today.

Re:PDFs

[ColdWetDog]

Oh this has been going on for years. Even before the 1980's - SAAB, Volvo - I'm looking at you with your weird little engine tools. British stuff didn't need anything special (other than Whitworth wrenches) - a hammer and a screwdriver would disassemble pretty much any Triumph, Spitfire or Land Rover engine ever made. Of course, they couldn't hold a quart of oil for more than 48 hours, but you never had to actually change the oil, you just replaced it.