Slashdot Mirror


Google Employees Find 60 Security Holes In Adobe Reader

sl4shd0rk writes "Upon examining the PDF Engine behind Google Chrome, Google employees Mateusz Jurczyk and Gynvael Coldwind discovered numerous holes. This led them to also test Adobe Reader, which turned up around 60 holes which could crash the PDF reader, 40 of them being potential attack vectors. The duo notified Adobe, who promised fixes, but as of the latest updates (Tuesday of this week) for Windows and Macintosh, 16 of the reported flaws are still present (the Linux version has been ignored). To prove it, Mateusz and Gynvael obfuscated the info and released it, saying the unpatched holes could easily be found. The Google employees therefore recommend that users refrain from opening any PDF documents from external sources in Adobe Reader."

3 of 164 comments

  1. Re:Easy enough by Anonymous Coward · · Score: 3, Informative

    Ahem

    The FREE PDF viewer download of the PDF-XChange Viewer may be used without limitation for Private, Commercial, Government and all uses, provided it is not -: incorporated or distributed for profit/commercial gain with other software or media distribution of any type - without first gaining permission.

    It's got commenting features without watermarking and even does OCR which I have been very impressed by.

  2. Re:Alternative readers? by gmuslera · · Score: 3, Informative

    In Ubuntu (and probably other distributions and GNOME-based desktops) the default viewer is Evince, in KDE ones it is Okular, and you have embedded viewers in other apps, like in Google Chrome. There is no need to install Adobe's unless you need some special added feature. A list of software that works with PDF can be found in Wikipedia.

  3. Re:PDFs by Jeremiah Cornelius · · Score: 5, Informative

    PostScript - integral to PDF internals - is itself a Turing-complete language, derived from Forth.

    It will always be a problem.

    --
    "Flyin' in just a sweet place,
    Never been known to fail..."