Foxit One-Ups Adobe In Blocking PDF Attack Tactics

Foxit One-Ups Adobe In Blocking PDF Attack Tactics 112

Posted by kdawson on Tuesday May 04, 2010 @06:38PM from the can't-fox-us dept.

CWmike writes "Foxit Software, the developer of a rival PDF viewer to Adobe's vulnerability-plagued Reader, released an update on Tuesday that blocks some attacks with a 'safe mode' that's switched on by default. Foxit Reader 3.3 for Windows' 'Trust Manager' blocks all external commands that may be tucked into a PDF document. 'The Foxit Reader 3.3 enables users to allow or deny unauthorized actions and data transmission, including URL connection, attachment PDF actions, and JavaScript functions,' the update's accompanying text explains. Last week, several security companies warned of a major malware campaign that tried to dupe users into opening rigged PDFs that exploited an unpatched design flaw in the PDF format, one attackers could use to infect users of Adobe's and Foxit's software. That flaw in the PDF specification's '/Launch' function was disclosed in late March by Belgium security researcher Didier Stevens, who demonstrated how he could abuse the feature to run malware embedded in a PDF document. He also reported he had figured out how to change Adobe Reader's warning to enhance the scam."

Foxit One-Ups Adobe In Blocking PDF Attack Tactics

This discussion has been archived. No new comments can be posted.

Search 112 Comments Log In/Create an Account

Comments Filter:

If Foxit Can Do It ... (Score:5, Funny)

by WrongSizeGlass ( 838941 ) writes: on Tuesday May 04, 2010 @06:42PM (#32091968)

... then surely Adobe can do it. It's probably because Foxit is bigger and able to reassign resources better than Adobe ... oh wait ... how did Foxit beat Adobe on this fix?

Re:Hey! This thing has code! Were you expecting th (Score:3, Funny)

by ProdigyPuNk ( 614140 ) writes: on Tuesday May 04, 2010 @07:07PM (#32092172) Journal

I'm almost done a "Database Design and Development" course at college. Turns out the course entirely relies on MS Access (not exactly what I had in mind when signing up). Anyway, in the later part of the course macros/VBA was embedded in the example files, and one of the first instructions in the book was always "Enable the contents" - but the book never bothered mentioning why the warning was there and what the purpose was. I'm sure at least half of my computer science major peers would click OK without thought.

Re:Hey! This thing has code! Were you expecting th (Score:3, Funny)

by sznupi ( 719324 ) writes: on Tuesday May 04, 2010 @07:34PM (#32092382) Homepage

Now, I make my living writing Visual Basic...
And you freely admit it here?... ;)

Re:Hey! This thing has code! Were you expecting th (Score:2, Funny)

by Anonymous Coward writes: on Tuesday May 04, 2010 @07:52PM (#32092530)

Ar
e you sure that some of your mac hines aren't alr
eady
in fect
ed?

Replace PDF with PTF (Score:2, Funny)

by postmortem ( 906676 ) writes: on Tuesday May 04, 2010 @08:00PM (#32092590) Journal

Plain Text Format!
Even companies such as Adobe, Microsoft, and Apple with joint efforts could eventually make TXT format readers that have next-to-0 security holes. :)

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Foxit One-Ups Adobe In Blocking PDF Attack Tactics 112

Foxit One-Ups Adobe In Blocking PDF Attack Tactics More Login

Foxit One-Ups Adobe In Blocking PDF Attack Tactics

If Foxit Can Do It ... (Score:5, Funny)

Re:Hey! This thing has code! Were you expecting th (Score:3, Funny)

Re:Hey! This thing has code! Were you expecting th (Score:3, Funny)

Re:Hey! This thing has code! Were you expecting th (Score:2, Funny)

Replace PDF with PTF (Score:2, Funny)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot