Google Employees Find 60 Security Holes In Adobe Reader
sl4shd0rk writes "Upon examining the PDF Engine behind Google Chrome, Google employees Mateusz Jurczyk and Gynvael Coldwind discovered numerous holes. This led them to also test Adobe Reader, which turned up around 60 holes which could crash the PDF reader, 40 of them being potential attack vectors. The duo notified Adobe, who promised fixes, but as of the latest updates (Tuesday of this week) for Windows and Macintosh, 16 of the reported flaws are still present (the Linux version has been ignored). To prove it, Mateusz and Gynvael obfuscated the info and released it, saying the unpatched holes could easily be found. The Google employees therefore recommend that users refrain from opening any PDF documents from external sources in Adobe Reader."
PDFs (Score:5, Insightful)
PDFs have been a security headache for decades now. It originally started as an evolution of PostScript, but has since morphed into a "document solution". Adobe, like so many tech businesses, can't simply create a tool and then be finished. They always have to add more features, more code, more bloat. And surprise surprise, problems arise.
When I go to work on my car, I know my ratchets will work on any bolt on it; I just need to figure out what size it is and maybe an extender and I'm in business. My tools just work; they rarely break, and they don't stop working with next year's model... or the next decade's. Or the last. My ratchets will work on 1950s model cars, and I'm sure they'll still be useful on a 2050 model car.
Linux is more like my ratcheting set. Sed, awk, bash scripts... they don't change. They were there 5 years ago. They'll be there 5 years from now. They're simple, dependable, and "just work". What the fuck is so hard about making a read-only flat document that does the job of being easily readable and printable well? Stop adding features. Make the product do one thing well, and then use the profits to make a completely different product if you need something else done well.
Be like the ratchet.
Re:PDFs (Score:5, Informative)
Postscript - integral to PDF internals - is itself a Turing-complete language, derived from Forth.
It will always be a problem.
Re: (Score:2, Informative)
That's true, but PDF is a subset of Postscript rather than a generalized programming language. For example, the control structures are removed (if, loops, etc.) It should have been possible to put many more limitations on it. Instead, they added back even more ways to shoot yourself in the foot (e.g., Javascript). That's just nuts, and explains why Adobe Reader has been a bloated, ever-expanding program since... well, forever.
What they need is a "Lean PDF" that is strictly limited to describing the page content, with no internal programmability.
Re: (Score:3)
What they need is a "Lean PDF" that is strictly limited to describing the page content, with no internal programmability.
This subset already exists, and is known as PDF/A [wikipedia.org].
Re:PDFs (Score:4, Insightful)
No, because PDF, unlike PS, was intentionally designed to be Turing-incomplete. That was a good design decision, which was then unfortunately screwed with when they added javascript.
Which javascript? (Score:4)
The javascript you can add to the PDF through a GUI or the javascript that you can embed into hex strings when writing a PDF file? The files are a hacky mix of text and binary. Some data types define their length, others have insane rules for end markers and escaping. Hex strings were originally pretty easy, but then they decided that they'd add javascript support into the parsing so you can have constants that vary conditionally on the PDF version number. On top of that, you practically have to build a run time to render the PDF because of the complexity of its nested viewport stacks and viewport modifications that can be executed at any time in the PDF.
If that wasn't enough, they made it way more complicated when they hacked in support for JetForms (now known as LiveCycle), which is an XML language with poorly thought out data types and full of rendering hints that would be really useful if the documentation said more than "ignore these if you're not Adobe". If you want to save a PDF created with LiveCycle that a reader other than Acrobat can read, it's saved in both forms, resulting in a file that's 3x the size of a PDF.
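An added example (written for this page, not code from the thread, from Google's fuzzing tools or from Adobe), in Python, of the triage check a practitioner would run on a PDF from an external source before opening it in Reader. It looks for the keys that carry the programmability the thread complains about (/JS, /JavaScript, /OpenAction, /AA, /Launch, /XFA) and handles the hiding spots mentioned above: #xx escapes inside names (/Java#53cript), script bodies in hex strings (/JS <6170702e...>), and FlateDecode streams that can wrap whole dictionaries. The key list, the risk descriptions and the sample PDF it scans are this example's own (the sample is constructed inline); the key names themselves are the ones PDF uses. It is regex-based in the manner of pdfid: a first-pass filter, not a parser.

```python
"""Triage scanner for risky PDF features (added example, not from the thread)."""
import re
import zlib

# Keys worth a second look. The names are the PDF ones; the descriptions are
# this example's own wording.
RISKY_KEYS = {
    b"/JS": "JavaScript payload (string or stream)",
    b"/JavaScript": "JavaScript action",
    b"/OpenAction": "action run when the document is opened",
    b"/AA": "additional actions (page open, mouse events, ...)",
    b"/Launch": "launch an external application",
    b"/XFA": "XFA (LiveCycle) form data",
    b"/RichMedia": "Flash / rich media annotation",
    b"/EmbeddedFile": "embedded file attachment",
}

NAME_TOKEN = re.compile(rb"/[^\s/\[\]<>(){}%]*")
NAME_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# /JS followed by a hex string <...> or a literal string (...)
JS_VALUE = re.compile(rb"/JS\s*(?:<([0-9A-Fa-f\s]*)>|\(((?:\\.|[^\\)])*)\))", re.DOTALL)
# Stream bodies are delimited by the markers, not by /Length: a hostile file can
# lie about /Length, and a spoofed endstream marker is the limit of this filter.
STREAM = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def normalise_names(data: bytes) -> bytes:
    """Undo #xx escapes inside name tokens so /Java#53cript reads /JavaScript."""
    unescape = lambda m: bytes([int(m.group(1), 16)])
    return NAME_TOKEN.sub(lambda m: NAME_ESCAPE.sub(unescape, m.group(0)), data)


def decode_js_string(match) -> bytes:
    """Turn the matched /JS value into script bytes."""
    hex_body, literal = match.group(1), match.group(2)
    if hex_body is not None:
        digits = re.sub(rb"\s", b"", hex_body)
        if len(digits) % 2:          # an odd trailing digit is padded with 0
            digits += b"0"
        return bytes.fromhex(digits.decode("ascii"))
    # Literal string: only the common escapes are undone here; octal escapes
    # and line continuations are left as they are.
    return re.sub(rb"\\([()\\])", rb"\1", literal)


def scan_pdf(data: bytes) -> dict:
    """Count risky keys outside streams and inside each (inflated) stream."""
    report = {"keys": {}, "js_previews": [], "streams": 0, "undecodable_streams": 0}

    def scan_chunk(chunk: bytes, where: str) -> None:
        text = normalise_names(chunk)
        for key in RISKY_KEYS:
            # (?![A-Za-z]) stops /JS from matching a longer name such as /JSfoo
            hits = len(re.findall(re.escape(key) + rb"(?![A-Za-z])", text))
            if hits:
                name = key.decode()
                report["keys"][name] = report["keys"].get(name, 0) + hits
        for m in JS_VALUE.finditer(text):
            report["js_previews"].append((where, decode_js_string(m)[:80]))

    # Everything outside stream bodies is scanned as text.
    scan_chunk(STREAM.sub(b"stream\nendstream", data), "outside streams")
    for n, m in enumerate(STREAM.finditer(data)):
        report["streams"] += 1
        body = m.group(1)
        # The stream dictionary sits between the last 'obj' and the 'stream' keyword.
        header = data[max(0, m.start() - 300):m.start()]
        idx = header.rfind(b"obj")
        if idx >= 0:
            header = header[idx:]
        if b"/FlateDecode" in header:
            try:   # decompressobj tolerates truncated data, which hostile files use
                body = zlib.decompressobj().decompress(body)
            except zlib.error:
                report["undecodable_streams"] += 1
                continue
        scan_chunk(body, f"stream #{n}")
    return report


def build_sample_pdf() -> bytes:
    """Constructed sample for this example, not a real-world document.
    Object 4 hides the action type behind a #xx name escape and the script behind
    a hex string; object 5 hides an /AA dictionary inside a Flate stream."""
    js = b"app.alert('constructed sample');"
    hidden = zlib.compress(b"<< /AA << /O 4 0 R >> >>")
    return b"".join([
        b"%PDF-1.4\n",
        b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n",
        b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n",
        b"3 0 obj << /Type /Page /Parent 2 0 R >> endobj\n",
        b"4 0 obj << /S /Java#53cript /JS <" + js.hex().encode() + b"> >> endobj\n",
        b"5 0 obj << /Length %d /Filter /FlateDecode >>\nstream\n" % len(hidden)
        + hidden + b"\nendstream\nendobj\n",
        b"trailer << /Root 1 0 R >>\n%%EOF\n",
    ])


if __name__ == "__main__":
    rep = scan_pdf(build_sample_pdf())
    for key, count in sorted(rep["keys"].items()):
        print(f"{key:<14} x{count}  {RISKY_KEYS[key.encode()]}")
    for where, script in rep["js_previews"]:
        print(f"JS payload ({where}): {script!r}")
```

On the constructed sample the scan reports /OpenAction, /JavaScript and /JS once each outside streams, /AA once inside the inflated stream, and prints the decoded script. The caveats are the ones the thread already hints at: names can also be hidden inside object streams (/Type /ObjStm), which this filter only sees if they are Flate-compressed at the top level, an encrypted document hides everything, and a file with a bogus endstream marker can confuse the stream regex. Treat a hit as "open this in a sandboxed viewer or not at all", and a clean result as "nothing obvious", not as proof of safety.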
Re: (Score:2)
...and I'd like to point out that the rendering hints in these forms have already been exploited by malware for executing malicious instructions on Windows and OS X. While Adobe hasn't documented it for third party users, it's trivial for malware attackers to fuzz the engine and discover methods of exploiting these features for their own use.
Interestingly, Apple got around some of this with their Preview app by treating any area of the display PDF that has a form-like decoration as if it were a form -- so
Re:PDFs (Score:5, Insightful)
Stop adding features. Make the product do one thing well, and then use the profits to make a completely different product if you need something else done well.
Be like the ratchet.
That works for an open source project where the ultimate goal is to provide a usable product. If the project is already usable then do not add more features. Adobe, though, is a commercial product. They have to constantly change things and add new features so that their customers will need to upgrade to the latest version. This constant upgrading inevitably introduces instability.
Re: (Score:2)
This constant upgrading inevitably introduces instability.
No wonder if you're trying to build a skyscraper from this. [reference.com]
Re:PDFs (Score:5, Insightful)
Adobe Reader is freeware. Why would Adobe want their "customers" (who pay nothing for the software) to constantly upgrade to new versions?
Adobe Reader is a marketing tool used to sell upgrades to Acrobat. They want to be able to ship new features in new versions of Acrobat, and to do this, they consider it helpful to be able to assure buyers that "everyone" will be able to use their new whiz-bang documents/forms/whatever.
Re: (Score:2)
...and sometimes, the only compelling reason to upgrade Acrobat is because bug/exploit fixes are only available in the current versions of their products.
On Adobe's side, they do add in improved data structures to the PDF standard as time goes on... using PDF-10 to create PDF/A documents of a reasonable size and clarity is much easier than using PDF-3....
Re:PDFs (Score:5, Insightful)
Lots of products get "improvements" that are anything but. The point of making stuff is to sell it, and you can't sell new stuff unless you can convince folks that their old stuff is obsolete. You can see that any time you visit a car dealer.
Ratchet design isn't static because their makers woke up one day and said, "It's perfect! Let's stop trying to improve it!" They just don't have any design improvements that will convince you to throw out your old ratchets and buy new ones. If they could, they would.
Re: (Score:3)
Not to be pedantic, but they have made many improvements to ratchets over the last 50 years.
- Ergonomic handle shapes
- Fine tooth ratcheting mechanisms (helps work in small spaces)
- Low profile designs
- Flex heads
- Different reversing mechanisms
Re: (Score:2)
This reply is about your ratchets. Believe me the same thing is happening with mechanical stuff. Just look at the number of times Apple has changed fasteners on their iPhone so you can't open it without buying another tool. It's all part of the plan to keep you in the fold.
Re: (Score:2)
On cars, too, for that matter. Anything 1980s or earlier can generally be worked on with classic mechanics' tools, but 1990s and later stuff has an increasing amount of custom and electronic parts that need specialized tools.
Re: (Score:3, Funny)
Oh this has been going on for years. Even before the 1980's - SAAB, Volvo - I'm looking at you with your weird little engine tools. British stuff didn't need anything special (other than Whitworth wrenches) - a hammer and a screwdriver would disassemble pretty much any Triumph, Spitfire or Land Rover engine ever made. Of course, they couldn't hold a quart of oil for more than 48 hours, but you never had to actually change the oil, you just replaced it.
Re: (Score:3)
What, you mean metric spanners and sockets (and before that SAE)? Seriously, Volvo put perhaps more thought into how things come apart than most other manufacturers. With 80s Volvos, if you've got a bolt and a nut, they're typically different sizes (e.g. 17mm + 18mm instead of 2x 17mm). The bonus here is you can use one set of tools.
Whitworth... now that's weird (unless you're Australian).
Weren't about 3 Whitworth wrenches capable of removing an engine from a Centurion tank? Well, that and a hammer.
Re: (Score:2)
Mmm. Wrong. Modern ratchets (at least the higher end stuff) often have many more teeth than older ratchets. This allows them to be useful in more confined spaces. Both tools and expectations have indeed evolved. Someone who's used to the flexibility a new SnapOn Dual 80 ratchet afford probably wouldn't be super happy with an old 30 tooth model.
Re: (Score:2)
I'm in a devils' advocate mood today... I don't particularly like Adobe (nor do I hate them particularly), and I think reader is a bloated piece of crap.
But Reader changed not because Adobe has a PDF agenda to rule the world, but because Adobe economically needed it to change. To make money, gain market share, whatever.
A ratchet is a simple tool, one whose expectations won't change. But software (and cars) are much more fluid. Your ratchets may work on your 1950's car, but you won't like driving it. Engines are better now, tires are better, handling is better. You'll hate the boaty-ness of your 50's era driving, the gallons-per-mile you pay for driving it, the lack of safety features, the lack of DVD player dropping from the roofline for your kid in the back seat. I wonder simply how many safety regulations that would prohibit a "new" 50's tech car being sold. Adobe finds it difficult to get money out of a non-bloated Reader the same as any car company would go out of business if it sold nothing but 50's tech in cars.
What Adobe should have done is let some group without a profit motive - or a need to bloat it to hell - take over development. Such groups do exist - Apache being the best example. Adobe wants PDF to both be a universal utility, and a tool to bind you exclusively to Adobe. Those goals conflict.
May I introduce you to GhostScript? http://en.wikipedia.org/wiki/Ghostscript [wikipedia.org]
Unless you want the bells and whistles that introduce security holes, Ghostscript is what you want as a PDF reader/writer. Reader *IS* the bloatware version. There's lots of other readers and writers out there that can handle the actual PDF standard; Reader just handles the bloat.
Re: (Score:2)
Linux is more like my ratcheting set. Sed, awk, bash scripts... they don't change. They were there 5 years ago. They'll be there 5 years from now. They're simple, dependable, and "just work"... Stop adding features. Make the product do one thing well, and then use the profits to make a completely different product if you need something else done well.
So you're not an emacs user then?
Re: (Score:2)
Linux is more like my ratcheting set. Sed, awk, bash scripts... they don't change. They were there 5 years ago. They'll be there 5 years from now. They're simple, dependable, and "just work"... Stop adding features. Make the product do one thing well, and then use the profits to make a completely different product if you need something else done well.
So you're not an emacs user then?
vi'e alway's thought of emacs as an OS....
Re: (Score:2)
Point well made - something I wish more utilities would do. I would rather have a stable and secure PDF tool than a feature-rich one that constantly needs to be updated and patched.
Re: (Score:2)
Point well made - something I wish more utilities would do. I would rather have a stable and secure PDF tool than a feature-rich one that constantly needs to be updated and patched.
So use Ghostscript. Unless you're actually using the bloatware features, there's no reason to use Adobe Reader. OS X has Preview, Windows has Foxit Reader, and everyone has Ghostscript. None of them are as good at *creating* PDFs as Acrobat, but they're all better than Reader at reading them without destroying your security model and eating up resources.
Re: (Score:2)
Exactly. Nobody needs Adobe Reader installed and everybody should avoid it.
Sadly at work I have Adobe Acrobat installed. Not my choice.
Re: (Score:2)
Your ratchets, sure. Your sockets, not so much. Plenty of new types of fasteners have been introduced since the 1950s (TORX/E-TORX/TORX Plus, Pozidriv, metric hex stuff, etc).
just a chrome ad (Score:3)
Nothing here is new. I bet even the security findings
This is all a chrome advertisement.
"how to make people use our plugin instead of the free reader with lots of features?"
They only failed to realize that people who even use PDF probably use "secret" for their email password.
Re: (Score:2)
Seriously? I've been working on my vehicles for 38 years... I didn't have very many 'special service tools' back then but, while there are still a few bolts on vehicles, I would say the typical modern vehicle requires a lot more specialized tools to do basic things. I wouldn't be at all surprised to find that your ratchets aren't useful on your 2050 model vehicle. The head bolts on my 1993 Toyota diesel can't be removed with a traditional 6 point hex socket; I need a 12 point socket. You need a micrometer to determine whether you can re-use the head bolts or need to replace them. There are now hose clamps buried so deep inside the engine compartment you need a cable-actuated clamping tool to remove/install them.
Bringing us back to "Linux", used to be that Unix tools were primarily single-purpose until Linux came along and people started adding "-R" and "-r" options to commands like 'grep', or 'chown' or 'chmod'... Back in my day, we would use 'find'. 'ls' never used to have colors. So your Unix tools may never have changed, but mine did.
I wonder what the automobile equivalent of the Single Sided 360K floppy disk is ....
Re: (Score:2)
You mean Mozilla, which started out with a huge monolithic suite and eventually separated them into individual applications? Mozilla, whose browser is using significantly less memory than a year ago[1 [areweslimyet.com]]? No, not like Mozilla.
Alternative readers? (Score:2)
I'd like to see them include some of the alternative readers (Foxit, etc.) included in their testing since they are somewhat popular among people who have thought that Adobe Reader was bloated and slow for quite a while.
Re: (Score:2)
I tried Foxit
My Quickbooks has Adobe PDF writer built-in (only good for QB use!)
Somehow, that has made Adobe Reader get called in FF instead of Foxit.
It reminds me of the file association wars between Quicktime, WinAmp and WMP.
Re: (Score:2)
I know about the alternatives.....but what I want to know is if any of them have the same security holes (or conversely, which PDF viewer is the most secure).
Re: (Score:2)
They don't have the same ones. The alternatives focus on an old PDF standard, that is what almost all PDF documents are and don't include all the executable stuff.
As far as I know the alternatives very rarely have issues; I can't remember ever seeing a security issue for evince.
Re: (Score:2)
What about handling forms and complex features?
Re: (Score:2)
Or just use Adobe Reader for Linux?
Re: (Score:2)
Why create a new document format? There already are enough free, open, standard ones out there to fill every niche. There's ODF for WYSIWYG. There's LaTeX for typesetting (PDF replacement). AJAX and HTML5 for interactive pages.
It's just a matter of enabling them in Chrome, and offering it in their search. For example, they could build LaTeX and ODF viewers right into Chrome. They can then convert every PDF and Word Doc into LaTeX and ODF to be displayed in this embedded viewer. Present a "Convert to LaTeX" button for every PDF file their search result indexes and do the same for Word docs and ODF. Instead of "view as html", use "view as LaTeX" and "view as ODF".
Re: (Score:2)
Present a "Convert to LaTeX" button for every PDF file their search result indexes and do the same for Word docs and ODF. Instead of "view as html", use "view as LaTeX" and "view as ODF".
Anybody who wants to view PDF and Word Docs natively would then have to download and open the file up in the viewer manually.
Converting PDF to LaTeX would be like converting Java bytecode to Java source... sure, it's possible, but editing it isn't going to be very pretty and the output's going to be really bloated....
Re: (Score:2)
That's funny, with the LaTeX... as the only way LaTeX actually looks nice is after you have converted it to PDF...
Re: (Score:2)
There are already numerous better tools for viewing, creating and editing pdf files than acrobat... And yet many people still think pdf is a proprietary format that requires acrobat, and there are many websites carrying pdf files which even try to advertise this false information.
I have even seen mac and linux users, who generally have a far superior pdf viewer installed by default, using acrobat... Never understood why.
It's not better tools we need, its better awareness that these tools exist.
Also even if
Re: (Score:2)
I have even seen mac and linux users, who generally have a far superior pdf viewer installed by default, using acrobat... Never understood why.
Well, I ran across a reason a few weeks ago. I have a Macbook Pro, and I'd been using the builtin Preview program to display PDFs, as well as the Safari browser which does the job in its own windows. Then, a few weeks ago, I downloaded a PDF file from IMSLP [imslp.org], and both Preview and Safari showed a lot of the pages as illegible smudges. I tried it in xpdf on my nearby Ubuntu box, and had the same problem there (though a few of the problematic pages did display legibly).
Just for fun, I decided to finally do
Re: (Score:2)
Exactly!
en.wikipedia.org/wiki/List_of_PDF_software
I mean, there's even a Wikipedia page on it. Adobe's just done an excellent marketing job, and gets their reader bundled with EVERYTHING.
Irresponsible disclosure (Score:4, Funny)
Google was irresponsible in not publishing these holes immediately so affected users could take steps to mitigate their vulnerability while Adobe put together a patch.
Re: (Score:2)
You really think nobody else knew about these already? Per your sig, "censorship is obscene"; is this any different? What's the downside? Either the vulnerabilities are not there and thus not an issue, or people can be informed and mitigate them. You can only guess that nobody else has discovered an issue; it's better to assume somebody has and fix it than to sweep it under the rug.
Informed disclosure? (Score:4, Insightful)
Google was irresponsible in not publishing these holes immediately so affected users could take steps to mitigate their vulnerability while Adobe put together a patch.
The Full Disclosure folks say that vulnerabilities should be disclosed immediately. Their arguments have some merits. The Responsible Disclosure folks say that the vendor should have n number of weeks to get a patch out, then it goes to Full Disclosure. That has some merits as well, but the trouble is the public doesn't know there's a problem during the n weeks. The calculation is a balance of how many people will be protected vs. how many people will be harmed.
It occurs to me that a third way, call it 'Informed Disclosure' for now, would be to:
as a way to avoid the problem with Responsible Disclosure but still give the vendor reasonable time to react. e.g. 'Informed Disclosure' may say:
and then send Adobe the exploit code, which will be published in 45 days. This also removes the illusion of potential blackmail from security researchers, because the public has on-record information that the disclosure will be published, regardless of the action or inaction by the vendor.
Surely others have taken this approach, but I can't find a name attached to it -- anybody?
basically the same as full disclosure (Score:2)
Depending on how big foo() is, simply indicating where the vulnerability is may be enough to allow black hats to find it.
Re: (Score:3, Funny)
maybe they were busy exploiting these holes by sending their competitors PDFs?
Nah, they just used them to bypass Safari tracking protections.
Fucking Slackers! (Score:4, Funny)
Those fucking slackers could only find 60 holes in that Swiss cheese? And, they couldn't even bother looking at Flash!
Oops, I have to go. My PC needs to reboot after the third Flash and Reader update today.
Re: (Score:2)
Maybe they just gave up and stopped counting at 60?
How hard is it to find security holes in Adobe? (Score:2, Insightful)
I guess they just Googled it...
Best part of the article for me... (Score:2)
The name of the researcher "Gynvael Coldwind".
Too cool, in more ways than one. :D
*Very* Sloppy Summary (Score:5, Insightful)
The summary muddles two distinct PDF readers, the PDF reader built into the current version of Chrome (purely Google) and the PDF reader from Adobe that's completely separate. The Google reader is relevant only because the vulnerabilities in the Adobe reader were discovered using the tools developed to find vulnerabilities in Chrome.
Re: (Score:2)
The PDF reader in Chrome doesn't seem to be purely Google. On this page [google.com] comparing Chrome to the open-source Chromium distribution, they mention that they can't open-source the Chrome PDF reader because:
Whose third-party code? Adobe's? Someone else's?
Re: (Score:2)
Chromium seems to have diverged a bit from Chrome. The Google PDF reader I was describing is built into Chrome. It's not a plugin. I can't say for sure that it contains no 3rd party software, but I doubt it. It's pretty feature-limited.
Re: (Score:2)
There's never been a PDF reader built into Chromium.
Reading skills, dude. I didn't say there was.
Besides, had they used a tenth of the time on Linux, Windows, iMacos, or whatnot, they would have found at least twice the amount.
I am extremely disappointed in Linux "security" (I give a shit about W or i). I get several updates every day. This has gotten worse since -90, and is getting much worse extremely fast.
We FUCKING need ABI! We FUCKING need design (and I do not mean kernel alone).
how would an ABI help security more than API? (Score:2)
Why do you need a binary interface rather than a programming interface?
Re: (Score:2)
Because it must stay stable to be of any use. When it is stable, it got to be designed, or it won't stay stable.
Is there a tool that does *all* reader functions? (Score:2)
I had Reader on my Mac because I had to cryptographically sign something. Is there something out there that does both forms and cryptographic signing?
Also, I forgot about Reader until something asked me to update it. I promptly deleted it, but where did the updater spawn from? I'd love to remove all Adobe code from my machine.
Re: (Score:2)
Fortunately, most Mac users don't need Reader at all. Preview handles PDF viewing very well and is amazingly fast.
I have Acrobat Pro installed out of necessity (for work), but all of its auto stuff is turned off - I really only need it once or twice a year. But still... I consider Acrobat a malignant tumor on my hard drive. I may have it walled off, but it's still there, patiently waiting for a chance to spread its poison...
Really, the world would be a better place if people used alternatives to Adobe softw
Re: (Score:2)
I'm aware of Preview; it doesn't do cryptographic signing. I'm asking if something does everything; Preview doesn't cut it.
Re: (Score:2)
Right, I should've been more clear. It doesn't help people like you - but for most users, Preview does everything they need.
Re: (Score:2)
Also, I forgot about Reader until something asked me to update it. I promptly deleted it, but where did the updater spawn from?
I fired up Reader yesterday and it popped up that there was an update, so I told it to go ahead. Then a dialog came up that it needed to restart to finish the update. I clicked 'Restart' thinking that Reader was going to restart. No, it restarted my fscking PC! Reader needs to DIAF! And its updater!
Solution: Setup Chrome As Default PDF Reader (Score:2)
Setting up Google Chrome as the default PDF reader is more secure, and it's one less program to update. To do so in Windows 7 just right click on a PDF file, click "open with", click "choose default program", click Browse, and Browse to the following file:
C:\Users\\AppData\Local\Google\Chrome\Application\Chrome.exe
Adobe Reader does have some features that Chrome lacks, but 95% of users will be perfectly fine with just Chrome.
Re: (Score:2)
Slashdot messed up the path name. Where you see the double slashes is obviously the user name.
Re: (Score:2)
Setting up Google Chrome as the default PDF reader is more secure, and it's one less program to update. To do so in Windows 7 just right click on a PDF file, click "open with", click "choose default program", click Browse, and Browse to the following file: C:\Users\\AppData\Local\Google\Chrome\Application\Chrome.exe
I had considered doing something like this, but I'm not at all sure I want Google to have full information on my reading habits. (I already have Chrome installed for Facebook only, since it can
Adobe Reader is a huge BLOB - use Free software! (Score:2)
Use free open source software instead:
http://pdfreaders.org/ [pdfreaders.org]
Re:Easy enough (Score:5, Insightful)
30 EUR for a single license for "PDF-XChange Viewer" and you get only "1 year of product maintenance" (which probably means after one year you need to pay for security patches).
For a freaking pdf reader? And with no real assurance that this one isn't again full of security holes. Get real.
Re: (Score:2, Informative)
30 EUR for a single license for "PDF-XChange Viewer" and you get only "1 year of product maintenance" (which probably means after one year you need to pay for security patches).
For a freaking pdf reader? And with no real assurance that this one isn't again full of security holes. Get real.
The 30EUR product is their Pro version (more like Adobe Acrobat Standard), they also have a free version which does everything Adobe Reader does and more.
Re: (Score:3, Informative)
Ahem
It's got commenting features without watermarking and even does OCR which I have been very impressed by.
Re: (Score:2)
Why not just use a free one?
$30 for a pdf reader is pretty steep.
Re: (Score:1)
Don't use Adobe Acrobat Reader.
Unfortunately, some PDF documents can only be opened with Adobe Acrobat. See http://www.quickpdflibrary.com/faq/if-this-message-is-not-eventually-replaced-by-the-proper-contents-of-the-document.php [quickpdflibrary.com]
Re: (Score:2)
Third party clients also have exploits.
Don't use Adobe Acrobat Reader.
Everybody in my small office uses PDF XChange Viewer.
Or just use Google Chrome. It reads PDF with no plugin. It still lacks a few features but I assume they're working on that in between fixing the holes for Adobe.
Re:Google. (Score:4)
Because it's a proper noun.
The mugs they give out at the National Association of Photoshop Professionals meeting are pretty cool.
Re: (Score:2)
PDF.js is so mind-numbingly slow when rendering large PDF files, it's just ridiculous. It's simply not a useful solution in a work environment.
Re: (Score:2)
Nevertheless, if you want to create a properly sandboxed viewer capable of executing embedded JS, it's possibly the right approach. i.e. using the available battle-hardened Javascript engine embedded in your web browser. With a major caveat that PDF is a format primarily for printing as opposed to rendering onscreen.
I would ask if translating PDF to HTML5 is inherently slow or just that the implementation hasn't yet received sufficient optimisation. e.g. gmail's own render farm generates HTML on the fly for
Re: (Score:2)
if you want to create a properly sandboxed viewer capable of executing embedded JS
That would be the problem. Just don't support embedded JS.
Re: (Score:2)
Adobe has a well documented lack of interest in fixing its bugs without charging its customers. For years now, Photoshop has ignored its placebo settings panel and attached itself to storage volumes despite the wishes of users (After three years, I can only assume the purpose is nefarious, and probably related to terrorism and or a desire to harm small animals). A spokesman claims the company has finally fixed the bug in CS6, but have told users they must pony up $800+ for the antidote [photoshop.com] (http://feedback.photoshop.com/photoshop_family/topics/disk_could_not_be_ejected_because_photoshop_is_using_it). Most of us will never know whether it's fixed or not.
So they fix that particular bug, ignore the 100+ other bugs that have been hanging out since version 5 and create new bugs.
Hey, it's one way to make money.