Foxit One-Ups Adobe In Blocking PDF Attack Tactics 112
CWmike writes "Foxit Software, the developer of a rival PDF viewer to Adobe's vulnerability-plagued Reader, released an update on Tuesday that blocks some attacks with a 'safe mode' that's switched on by default. Foxit Reader 3.3 for Windows' 'Trust Manager' blocks all external commands that may be tucked into a PDF document. 'The Foxit Reader 3.3 enables users to allow or deny unauthorized actions and data transmission, including URL connection, attachment PDF actions, and JavaScript functions,' the update's accompanying text explains. Last week, several security companies warned of a major malware campaign that tried to dupe users into opening rigged PDFs that exploited an unpatched design flaw in the PDF format, one attackers could use to infect users of Adobe's and Foxit's software. That flaw in the PDF specification's '/Launch' function was disclosed in late March by Belgium security researcher Didier Stevens, who demonstrated how he could abuse the feature to run malware embedded in a PDF document. He also reported he had figured out how to change Adobe Reader's warning to enhance the scam."
If Foxit Can Do It ... (Score:5, Funny)
Re:Hey! This thing has code! Were you expecting th (Score:3, Funny)
Re:Hey! This thing has code! Were you expecting th (Score:3, Funny)
Now, I make my living writing Visual Basic...
And you freely admit it here?... ;)
Re:Hey! This thing has code! Were you expecting th (Score:2, Funny)
Ar
e you sure that some of your mac hines aren't alr
eady
in fect
ed?
Replace PDF with PTF (Score:2, Funny)
Plain Text Format!
Even companies such as Adobe, Microsoft, and Apple with joint efforts could eventually make TXT format readers that have next-to-0 security holes. :)