Adobe PDF Exploits In the Wild

mambosauce writes "Brian Krebs, via the security fix blog is reporting that the recent PDF vulnerabilities which were patched only for Adobe Reader 8 and not 7 are being exploited via banner ads. As if there haven't been enough banner ad attacks this year now we have another one targeting one of the most popular applications in the world this weekend. At this rate there won't be many safe applications left to use."

Solution:

[CSMatt]

Don't use Adobe Reader.

Re:Use a different PDF viewer instead

[ScrewMaster]

No kidding. FoxitReader is a hell of an improvement over Adobe's crap, even if it isn't open source.

"Safe" application?

[Chas]

[Windows User] WUZZAT?

You have a multitude of applications, varying versions of operating systems, and scores of browser versions out there.

Is it REALLY any surprise that there are security holes like this? The miracle is that there aren't MORE.

Note: I'm NOT saying that these holes aren't a bad thing and shouldn't be patched. But this idiotic notion of a "safe" app just irks the shit outta me.

The only "safe" app is one that has absoloutely no interaction with other programs or the user whatsoever. (IOW it don't exist.)

Blocking Banner Ads

[AngelKurisu]

This is just another addition to the mounting list of reasons I block most banner ads. Why should I download something that could be dangerous, and adds no value to my browsing experience? I manually un-block certain sites I know to have decent levels of quality assurance in their ads (Penny Arcade, Slashdot, for example). I'd much rather directly micropay for content than be served completely worthless ads anyhow.

Re:Blocking Banner Ads

[calebt3]

I have also unblocked ads for /., but it's kinda pointless because I won't allow doubleclick through NoScript. Why do we need animated ads?

But Foxit doesn't work!

[Anonymous Brave Guy]

Foxit is so much faster and less of a resource hog then adobe reader.

It also doesn't work. For example, two-page documents generally start with page 1 on the right, yet in two-page mode Foxit insists on displaying pages 1 and 2 together, 3 and 4 together, etc. I discovered this when I tried it after seeing comments like the parent and GP posts, and also discovered that there have been bugs logged on this for eons but no-one seems to care about fixing it. The software was uninstalled from my PC within two minutes of installing it and filed under "beyond hope".

One of these days, people on Slashdot will realise that something that is free/or more secure is still worthless if it doesn't actually do the job it's supposed to do.

Re:Benifits of Adobe Reader? Seriously.

[domatic]

Adobe appears to be moving away from PDF as "electronic paper" to "all singing all dancing Internet Document". You can now embed movies, audio, and javascript in PDF to make some sort of "active document". Personally, I think PDF has jumped the shark.

Speed up Acrobat Reader

[plover]

A long time ago, I learned that Acrobat Reader is so damn slow to launch because of all the crap plugins that are loaded with it. I couldn't remember exactly which of the various modules I removed, but a quick Google gave me this: http://dwtips.com/2006/06/17/how-to-speed-up-pdf-loading-with-adobe-acrobat/ [dwtips.com] It looks like the same type of instructions that I followed way back when.

Re:Theory != practice

[dotancohen]

For Joe and Jane Sixpack, PDF=Acrobat, www=IE. Saying that other readers/browsers are safe is irrelevant for the majority of people.

Now why do you think that is? Because of misleading articles like this. When bugs are found in IE, should the media report that the Internet is flawed?

Re:Use a different PDF viewer instead

[Anonymous Coward]

PDF. "Portable DOCUMENT format."
When was the last time you opened up your favorite book or magazine and saw video (flash, wmv, quicktime)? When was the last time your favorite book required 3D acceleration (DirectX or OpenGL content)?
Do most people want/need to be able to condense pdf files into a booklet, or participate in reviews, or participate in online meetings with their pdf files?

For a portable document viewer, it seems like a lot of bloat and unnecessary features to me. If you want to include these features, offer a version with them separate from just a plain viewer. If there is such a large market for 3rd party PDF viewers, ones with a smaller footprint and faster open time, shouldn't that say something to Adobe to offer JUST a viewer without extra crap?

Foxit, Xpdf, Kpdf, eXPert, Sumatra, PDF-XChange, probably TONS of others... Just like how people started flocking to Phoenix/Firebird,Firefox once Mozilla started adding in Email and News and other things that didn't help with regular Web Browsing. .02

Re:Use a different PDF viewer instead

[heson]

NO, and thats why its better.