Adobe Flaw Heightens Risk of Malicious PDFs 193
snydeq writes "Security companies warn of a new flaw in version 9 of Adobe Reader and Acrobat that could compromise PCs merely by the opening of a malicious PDF. Although attacks are not yet widespread, hackers are exploiting the flaw in the wild, gaining control of computers via buffer overflow conditions triggered by the opening of specially crafted PDFs." Adobe is calling the flaw "critical" and says a patch for Reader 9 and Acrobat 9 will be released by March 11.
What about Foxit? (Score:3, Insightful)
Re:What about Foxit? (Score:4, Informative)
Re:What about Foxit? (Score:5, Funny)
Re: (Score:3, Funny)
Re:What about Foxit? (Score:5, Informative)
Re:What about Foxit? (Score:4, Informative)
Where in the article does it say this is a WindowsXP SP3 issue? The Adobe official site clearly states "Platform: All platforms". The shadowserver site says they tested it works with WindowsXP SP3, not that it's restricted to this.
Phillip.
Re:What about Foxit? (Score:5, Informative)
Re: (Score:2)
On the other hand, the actual advisory from Adobe states that the issue affects all platforms. You'd think they'd be the ones to know best, right?
Well, maybe the programmer who wrote the advisory and who signed off on the original 'overflow free' code are one in the same?
Re: (Score:2, Funny)
Re: (Score:2)
Re: (Score:2)
We are mostly alternative OS users, i.e., Linux, *BSD, OSX, etc(sorry OS2 users).
Really. You have numbers to back up that wild-ass claim? Because this poll [slashdot.org] would kind of disagree with you. (No, it's not scientific, but if anything the GNUtards are more likely to jump on that as a chance to proclaim how they don't use Windows than Windows users are to respond!)
Re: (Score:2)
I use Linux as my main desktop, I watch movies, edit photos, listen to music and etc on it, but I have a Windows VM for .NET development, and a separate Windows partition for gaming. I tried the Win7 beta and liked it, so if somebody asks me "are you going to upgrade to Win7?", what do you think I'd answer?
Yet as I read books on Linux using Evince instead of Windows and the turd called Adobe Reader, this doesn't affect me at all.
The problem with trying to deduce slashdotters' OS usage from that poll is that
Re: (Score:2)
So you're not a Linux user, you're a user of multiple OSes. Thank you for helping me prove my original point: that Slashdot users are not merely "alternative OS users" and that Windows stories are germane. :)
Re: (Score:2)
I don't know what stats you're looking at, but most Slashdotters use Windows.
Heresy! (Score:2)
It's because I'm burning up my employer's money reading Slashdot on an XP box! At home, it's Ubuntu through and through, I swear!
Well, except for Wine and VirtualBox.
Re: (Score:2)
It's elsewhere in this thread: someone pointed to a poll Slashdot ran recently asking if they'd upgrade to Windows 7. Only about 32% said "I don't use Windows". That leaves almost 70% who do use Windows, clearly a majority.
As a Linux user, I don't like it either, but it doesn't help things to ignore reality, and the reality is that Slashdot is filled with Windows fans and users. You always have to watch out any time you badmouth MS on here, because some MS fanboy will bash you for it. And as the poll sh
Re: (Score:2)
Re:What about Foxit? (Score:5, Funny)
Foxit has compatibility problems because it doesn't have all of the features of Adobe Reader 9.
For example it doesn't open the specially crafted PDFs our clients send us at work, which are thoughtfully secured with AntivirusXP2009
Re: (Score:2, Funny)
Strange, I saw a pretty good review of this AV software on PCMag...
Re: (Score:2)
Good show!
Who uses Adobe Reader anyway? (Score:3, Interesting)
Nowadays I read my PDFs with Preview.
Re:What about Foxit? (Score:5, Informative)
Right now it's windows only, unfortunately.
http://blog.kowalczyk.info/software/sumatrapdf/index.html [kowalczyk.info]
Re:What about Foxit? (Score:5, Informative)
Re: (Score:2)
even better sumatra pdf does not lock the file while it is displayed, so you can edit it with pdflatex while keeping it open in sumatra pdf, and it will automatically update the display.
Memory useage can get a bit high though
Skim for Mac OS X (Score:3, Informative)
Here's a plug (from a satisfied user) for the open source but Mac-only Skim [sourceforge.net].
Skim is lightweight, fast, and scriptable. It allows for easy markup of PDFs either to the original file or separately. With Skim, one can convert annotations between its open format (written into the extended attributes) and Adobe's PDF standard. Combined with Apple's Preview.app, Skim can provides much of the functionality Adobe Acrobat.
Comment removed (Score:5, Informative)
Re: (Score:2, Interesting)
Thanks (Score:2)
I was worried for a moment... (Score:2)
Well.. (Score:4, Insightful)
Guess I'm going back to Adobe 5.1 again. And yes, I still have the install.
try a non-Adobe PDF reader (Score:5, Informative)
I'm using a non-Adobe PDF reader: Foxit Reader [foxitsoftware.com]. It's commercial and not open source, but the non-Pro version is free to use; it's functionally far superior to the open source ones that were mentioned at Slashdot recently. I really hope the OSS projects can reach the level of sophistication of Foxit, because it's really my baseline of minimum PDF-reader functionality. The first OSS reader that can duplicate Foxit's sophistication will get a new convert.
Re: (Score:2)
You forgot to mention that it is small and fast to load too. ;)
I've been using it for a couple of years now, wild horses wouldn't drag me back to adobe reader.
Re: (Score:2)
The WORST aspect of Adobe Reader is actually that god-awful browser plug-in! Jeezus!
Re: (Score:2)
Have you tried Sumatra [kowalczyk.info]?
IMHO, Sumatra is to Foxit what Foxit is to Adobe Bloatreader.
Even Foxit has annoying advertisements in it that wont' stay turned off.
It might be missing some of the features you're looking for (I don't know what you need), but Sumatra is tiny, extremely fast, and open source.
Re: (Score:2)
I hadn't heard of Sumatra before so I thought I would give it a try.
Works as advertised - starts up fast, pages quickly. I love it. Very minimal on the features, but if you're like me and just need to read PDFs, it works wonderfully. Thanks!
Re: (Score:2)
I might not have seen Okular in that earlier Slashdot review; it does look fairly polished at first glance. That won't work on my primary Windows box, though (at least not directly without virtualization). I have a laptop with PCLOS 2007 on it; I'll install Okular there and take it for a spin.
Re: (Score:2)
Yeah, because of another comment here I just became aware of that project. I installed it all a few minutes ago. Ocular seems "good enough". That's a pretty amazing example of cross-platform development.
Re: (Score:2, Redundant)
Maybe this is a good time to try an alternative like Foxit [foxitsoftware.com]?
Re: (Score:2)
Guess I'm going back to Adobe 5.1 again. And yes, I still have the install.
I did this back a couple of years ago, when Adobe used an Acrobat update to introduce a "feature" that causes all other installed Adobe software (FrameMaker and Photoshop for sure) to phone home every time you start them (http://slashdot.org/~DrVomact/journal/180759 [slashdot.org]). I don't understand why nobody else got upset about this.
By the way, have you figured out how to disable the annoying prompt that reminds you that your version of Acrobat Reader is out of date, and you may not be able to see all the nifty new f
Re: (Score:2)
Re: (Score:3, Informative)
Sigh... still no basic sandboxing (Score:5, Interesting)
And why exactly does Adobe Reader run with full permissions to all the user's files? Surely by now Adobe would have learned to run it in a sandbox. For example, the code that reads and renders the PDF could run in a separate process (a la IE8 or Google Chrome) and just send image data back to the main window.
More generally, the OS needs to make it completely easy to sandbox applications, so even the stupidest application developer can do it with little effort. Indeed, the default should be that it has no access to write files anywhere except those chosen by the user with the Save As box. I'm not holding my breath though...
Re:Sigh... still no basic sandboxing (Score:5, Insightful)
You seem to blindly believe that Adobe is even remotely competent at writing code. If you've ever used Acrobat, you would realize it is a barely-usable resource-thrashing mess.
Does Ghostview need 150mb of libraries to render a PDF ? No.
Just because a company is a market leader, does not necessarily mean they know what they're doing. They just know how to sell.
Re: (Score:2)
You seem to blindly believe that Adobe is even remotely competent at writing code.
Sure they are. Just not for PDF viewing ;-)
Re: (Score:2)
The latter is actually much more important. There is some application-level sandboxing that can be done, but the majority of it is functionality that needs to be supported by the operating system.
Static file reader -> Pwnage -> WTF?!? (Score:2)
I'm rather dismayed and horrified that operating systems don't already do this -- but then, reading TFA, I notice that "the flaw could be exploited on systems running Microsoft's Windows XP SP3", and suddenly it all makes sense, in a depressingly mediocre sort of way. The very concept that a reader program, for what are supposed to be static files, could pwn the whole OS is both flabbergasting, and par for the Microsoft course.
OTOH, TFA doesn't mention if this is remotely possible on Linux -- am I correc
Re:Static file reader - Pwnage - WTF?!? (Score:3, Informative)
It's all quite possible under Linux. Realistically, a number of protection mechanisms (many of which started being routinely used in Vista) should prevent buffer overflow attacks. Certainly they should prevent arbitrary code from making OS-level hacks -- which is probably why it only works on XP. While Linux also can use these mechanisms, the only sandboxing it does by default is user/administrator separation (like Vista does, and like XP doesn't generally do). To get OS-level access, you'd need a privilege
Re:Static file reader -> Pwnage -> WTF?!? (Score:2)
Presumably, this sandboxing is what SELinux is all about? I dabbled with it some in Fedora 9, enough to become quite frustrated with the minimal docs I was able to find. I may have to give it another good look-see...
Cheers,
Re:Static file reader - Pwnage - WTF?!? (Score:2)
To an extent, yes. "Sandboxing" on a live system really encompasses a wide variety of potential ways that code can influence the rest of the system. (On the other hand, sandboxing with virtual machines is a much more straightforward problem.) One of these is access control. SELinux is an access control mechanism that provides more powerful and finer-grained access control than Unix's user model.
SELinux is a good example of how this sort of thing is tough to do. It can take a substantial amount of work for a
Re: (Score:2)
Why do people, focus on Microsoft ? Is this going to hurt me in the next 24 hours, or don't you care ? I use Gnomes PDF viewer or Gnomes xPdf. (why does Firefoxs spellchecker complain about linux ?)
Are windows users in charge of the internet too ?
Yes, I know you blue, are doing the right thing, but the thread was drifting dangerously into cronyism. Surely we're all in this together ?
Re:Static file reader -> Pwnage -> WTF?!? (Score:2)
So then the issue with a buffer overrun is that the intruder potentially gains access with the permissions of the running process, is that it? And XP is toast simply because Microsoft is brain-dead when it comes to understanding a proper division of access rights? What about Vista -- I know there's UAC, but I seem to recall reading about crackers finding automated ways to get around UAC...?
Again, I am baffled, horrified, but somehow not surprised that a static file reader apparently has access to *everyth
Actually Vista does comes with sandboxing support (Score:4, Informative)
Re: (Score:2)
Note: It is possible to exclude the Flash broker process from breaking through Protected Mode without a prompt, though it requires a registry hack.
Re: (Score:2)
It would seem that Dictionary.com disagrees with you.
-verb (used with object)
5. to exert power or influence on.
6. to provide with leverage.
7. to invest or arrange (invested funds) using leverage.
Also Merriam-Webster Online
Main Entry: leverage
Function: transitive verb
Inflected Form(s): leveraged; leveraging
Date: 1957
1: to provide (as a corporation) or supplement (as money) with leverage ; also : to enhance as if by supplying with financial leverage
2: to use for gain : exploit <shamelessly leverage the sys
Re:Sigh... still no basic sandboxing (Score:5, Informative)
You're proposing to attack the problem in the least efficient possible way. This is yet another in a long series of exploits in AR that use the fact that in its default configuration it executes JavaScript embedded in PDFs. The right way to approach this, as a matter of design, would be not to embed a Turing-complete language in a file format that doesn't need it. Once you embed a Turing-complete language in the format, you're giving the bad guy the ability to run any code he wants on the user's machine. The moral of Turing's theorem is that it's essentially impossible to have any automated check that determines what a piece of code will actually do when you execute it. So yeah, you can try to sandbox it, but that's a last resort.
You're comparing with a web browser. A web browser is qualitatively different. In a web browser, the user (a) wants to be able to run javascript code, and (b) expects that such a thing will happen. In a PDF reader, there is typically no reason for the reader to want it to run JS, and the reader has no sane reason to expect it to run JS. Actually, the reason Adobe made AR execute JS by default was that it wanted to be able to do things that are inherently inimical to the user's interest. JS allows the creator of the PDF to determine who's reading the document, and also provides a mechanism for DRM. Lots of people who create PDFs want to believe in the DRM fable that they can give a document to other people, but then control the use of the document after that. As with all DRM, it's inherently impossible to make it work right as long as the user has hardware that they're really allowed to use as a general-purpose PC. E.g., to remove the DRM from a PDF on a linux box, you can do this: gs -q -dCompatibilityLevel=1.4 -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -sOutputFile=b.pdf a.pdf -c '.setpdfwrite'
As a user, there are basically two sane things you can do. (1) Don't install AR on your machine. Use something else, such as evince on linux, or foxit on windows. They're faster anyway. (2) If there really is extra functionality in AR that you need, turn off JS. To disable js, go to Edit, Preferences, JavaScript, and uncheck "Enable Acrobat JavaScript".
Re: (Score:2)
....to remove the DRM from a PDF on a linux box...
To do this on a Mac, simply "print" for any program including a PDF reader. If the DRM locked PDF file allows printing, then the printed PDF file will no longer be locked. The user may then use it as any unlocked file.
Actually, javascript in web browsers is a mistake. (Score:2)
The right way to approach this, as a matter of design, would be not to embed a Turing-complete language in a file format that doesn't need it.....You're comparing with a web browser. A web browser is qualitatively different
Actually, if you are going to be a purist about it, Javascript in a web browser is considered to be a security problem because it is a Turing machine. Active X, Flash, any sort of Turing machine in a web browser is always a client security problem and the safest way to deal with any of
Re:Actually, javascript in web browsers is a mista (Score:2)
Re: (Score:3, Informative)
In fact, Adobe Reader is really not the issue -- the issue is that the OS doesn't impose MAC (mandatory access controls). MACs should control exactly which resources an application can use, and this can be as restrictive as desired.
Of course, it is difficult to come up with the necessary rules, and to "retrain" the user base, which is why (for example) SELinux MAC was phased in gradually on Fedora.
It took Fedora quite a few releases to fully implement MAC - Fedora Core 2 introduced SELinux (with strict poli
JavaScript... (Score:3, Insightful)
Remind me why my digital document format needs JavaScript again?
Re:JavaScript... (Score:4, Funny)
Because Javascript is the greatest thing since sliced bread and ... and ... and ... well you just need it damn it. Never mind that running stupid little programs that you download from unknowable sources is possibly the dumbest idea ever from a security and reliability point of view ... YOU NEED JAVASCRIPT!!! Got it?
Re: (Score:2)
PDF's use it for form validation and other nitpicky things. I don't know much more than that since I just started learning how the heck pdf's get generated.
Re: (Score:3, Interesting)
Re: (Score:2, Insightful)
While that may be useful for some situations (I came across an RPG character sheet that did that, you plug in stats and it populated the appropriate fields that derived from those stats), it is really outside the scope of what a PDF is supposed to be.
A PDF is what you use when you want to disseminate information, and it's important that you can guarantee the recipient is seeing the exact same document you are. A .doc, for instance, can look different from computer to computer, based on what program (or even
I've experienced this (Score:5, Funny)
I just tried to open a .pdf in Reader 9, and it's completely locked up - I've been stuck on the splash screen for 20 minu--
Oh wait, it's opened now. False alarm, sorry.
uninstall.exe (Score:3, Funny)
How bad is it? (Score:2)
Shadowserver wrote that the flaw could be exploited on systems running Microsoft's Windows XP SP3.
Yawn...
Patch by March something? (Score:5, Interesting)
Today is February 20. This is listed as a critical flaw and they are taking 18 days to release a patch. I'm glad they're getting right on this.
Re:Patch by March something? (Score:4, Funny)
Re: (Score:3, Interesting)
Today is February 20. This is listed as a critical flaw and they are taking 18 days to release a patch. I'm glad they're getting right on this.
Much work remains to be done before we can announce our total failure to make any progress!
Re: (Score:2)
Today is February 20. This is listed as a critical flaw and they are taking 18 days to release a patch. I'm glad they're getting right on this.
Isn't it obvious? They are fixing it as fast as they can. The first 3 days are spent fixing the bug. The next 15 days is the start-up time of Adobe Reader so they can test their bug fix.
Re: (Score:2)
Andy
Re: (Score:2)
No way!
You can release an update to alpha code faster than you can release an update to production code, who would have thought?
It's almost as if there's less QA to do or something.
Re: (Score:2)
By not actually fixing the problem.
By creating a bigger security problem.
This is Adobe, I doubt anyone would be surprised if they made it worse.
Adobe should separate pdf and acrobat more (Score:5, Interesting)
PDF has become what it set out to be, the de facto truly portable document format.
The problem is acrobat keeps larding in new features all the time to the point where in a corprorate environment you get more and more pdfs that require acrobat to even see.
it's an embrace and extend approach.
the problem here is the problem microsoft occasionally runs into-- if you monocrop then their is huge exposure to the possibility that viruses can spread like wild fire.
But with microsoft we were always in that boat from the first day they introduced it. microsoft docs always went hand in hand with the application software environment creating a stable ecosystem for any potential virus. (I use the term virus liberally)
with pdf this was not the case. Pdf is a format. there are many readers.
but adobe's constant racheting of add ons is threatening this.
Re:Adobe should separate pdf and acrobat more (Score:5, Insightful)
Trouble is, while Adobe does have an incentive to support those, they have no incentive to encourage them as defaults. There are two basic problems: Adobe has an incentive to spread PDF as widely as possible(which creates a strong pressure to tack on additional functions to address expanded use cases) and Adobe only makes money on PDF if you use their software. If, in practice, you can only be confident of being able to manipulate a given PDF with Acrobat, Adobe cashes in. Otherwise, not so much.
Re:Adobe should separate pdf and acrobat more (Score:5, Informative)
- If you want a format ISO standardized.
- If you need long term archiving, being sure that after several years your document will be the same even if your computer and your printer have changed.
- If you don't need fancy new stuff, video, sounds.
- But you still want wide support PDF has for reading and printing everywhere.
Then use PDF/A.
This is a subset of PDF. It can be produced by Acrobat, but also a wide range of other vendors applications and scanners, including OpenOffice.
Re: (Score:2)
PDF has become what it set out to be, the de facto truly portable document format.
Portable document format for those who are obsessed with print , you mean. HTML is more portable, and allows you to re-size and re-flow text to suit your preferences, eyesight, and screen size. The only advantage PDF offers is the ability to control how printed output looks. And of course it is the document author who exercises this control.
Nothing used to annoy me more than web sites that consist of nothing but PDF. Now there is something even more annoying: web sites that are nothing but one big Flash.
March 11? (Score:5, Insightful)
Good thing Adobe isn't in the medical business. (Score:2)
"...Adobe is calling the flaw "critical" and says a patch for Reader 9 and Acrobat 9 will be released by March 11."
Boy, good thing they're getting right on this. Of course, perhaps a fix would be a little easier and faster if they didn't manage to take a simple PDF program and turn it into the obscene bloatware that Reader has become.
Patched by March 11th... unless you're using v8 (Score:5, Informative)
Great, I've got to wait 2-3 weeks for this to be patched.
Oh wait, Adobe have a 4 MONTH OLD bug that means we can't even run Acrobat 9 within our company:
http://www.adobe.com/go/kb404597 [adobe.com]
*seethes*
What's worse is that Autodesk hit this exact same bug with their beta of Design Review, and fixed it within a couple of weeks, so I know there's a fix for this.
Re: (Score:2)
I'm confused. You say that like it's a bad thing.
Re: (Score:2)
I think they are using JS to show otherwise hidden content. If you turn off the style on the page, it appears to show the details of the Adobe problem without having to turn on JS.
I ran into a 1337 overclocking-type site recently that did very similar. If you had JS disabled all the content was obscured by a big panel telling you to enable scripts, and that they weren't doing anything wrong with their JS. Well, they were trying to run scripts from many advertisers and tracking domains, but by simply turning
Do not allow pdf to follow links (Score:4, Insightful)
Acrobat reader is precisely in the same position as IE4. Widely used and insecure. Users who are security conscious, vendor lock conscious, portability issues aware are the minority. Precisely the conditions that allowed Firefox to come, but the users in control once again, and take a healthy bite out of the market share of the dominant browser. Impact of Firefox is more than its marketshare. It forced web site developers to be aware of portability issues and become standards compliant. I am very sure other readers like FoxIt or something would take a big bite out of Adobe.
Re: (Score:2)
There are settings available to prevent pdf readers from executing javascript or following hypertext links. But when you do that the acrobat reader bitches and moans and gives you a head ache.
Acrobat reader is precisely in the same position as IE4. Widely used and insecure. Users who are security conscious, vendor lock conscious, portability issues aware are the minority. Precisely the conditions that allowed Firefox to come, but the users in control once again, and take a healthy bite out of the market share of the dominant browser. Impact of Firefox is more than its marketshare. It forced web site developers to be aware of portability issues and become standards compliant. I am very sure other readers like FoxIt or something would take a big bite out of Adobe.
Hell, if they just got rid of the feature creep and offered a simple reader (Reader lite anyone?), I'm guessing 99% of users would be happy. Beyond cut and paste, I really didn't ask or need the other 471 features that are now included.
Does Data Execution Prevention stop the attack? (Score:5, Informative)
Does hardware Data Execution Prevention stop it from happening, in that this exploit would crash Reader instead of cause an exploit if DEP is enabled? I wish companies would suggest that as a possible mitigation, even if not all computers support it.
I did dumpbin /headers and saw that the EXE header for AcroRd32.exe has the "NX compatible" bit set. This means that DEP will be automatically enabled for Reader on Vista.
However, that doesn't cover XP. XP 32 SP3 has an API call named SetProcessDEPPolicy [microsoft.com] to request enabling DEP for your process. Adobe should modify Reader to call this function if it exists. (It exists on Vista SP1 as well, but Vista SP1 will already enable it due to /NXCOMPAT.)
XP 32 SP2 and XP 64 SP2, even though they have DEP, don't have a way to enable it if the system-wide DEP setting is "opt in" - the default. And there's no way to opt in that these support. (Google Chrome has code to use an undocumented system call to enable it, but it actually has no effect.)
Whether NX will be effective depends (Score:2)
This is because interpreted JavaScript is regarded as data (to be read by the interpreter); NX is only effective against binary executable code.
Incidentally, this is a big difference between Java and .NET. Because Java typically uses hotspot VMs it will regard Java as data (byte code). Only if the hotspot compiler decides to compil
Fail (Score:2)
The fact that the compromise of a PDF reader leads to compromise of the entire user account is a failure of the operating system, and Linux/Mac/BSD/Windows all fail equally here.
Re: (Score:2)
Still having buffer overflows (Score:2)
I've said it on here before and I'll say it again. Having access to the files or not there should not be a way in computers to inject code like this.
Shouldn't the no execute bit prevent this. Are we getting to the point where we should turn this on for everything. Can't Adobe ask windows
during the installation to add itself to the "I'm okay with DEP list".
Developers are going to make mistakes, I'm more mad that we still haven't fix the buffer overflow problem which to be is the core security flaw here...not
Re: (Score:2)
Irony and opportunity... (Score:4, Interesting)
Disclaimer, this is an observation, but may seem a bit of a troll...
Once again we see market dominance and poor attention to security collide.
What makes this story interesting is the 'features' Adobe leaves enabled in PDF document features that even Microsoft knows better than to allow.
This creates the interesting aspect of Adobe losing touch and Microsoft actually getting it for once.
If you look at the MS XAML (XPS) document/display formats that compete directly with PDF, Microsoft got it right.
1) Less vulnerbilities - the lack of internal to external scripting of XAML and the sandbox nature of the XAML display and print formats dual sandbox the content inside a managed code environment.
2) XPS is void of scripting which more closely compares to PDF documents.
3) For print industry and press people, XPS/XAML is still turning heads even as new as it is compared to Postscript/PDF. This is not only in consistent print abilities, but speed as well.
4) Add all these together and then realize XAML/XPS can inherently draw and reproduce graphics that are outside the abilities of PDF and Adobe begins to have a reputation problem with companies like agfa, xerox, vari, etc.
(Yes PDF can display anything, but most advanced drawn graphics have to be rasterized because the language cannot inherently draw them. - This also increases the storage sizes and the processing times of high speed printers and presses.)
*A side note, because of OS X's dependence on Display PDF, it also has the same inherent drawing limitations when dealing with advanced graphics. Forcing applications to hack through the native drawing abilities of OS X, and in contrast developers on the Vista Windows side of the market are finding they no longer have to deal with limitations of GDI+ which is comparative to Display PDF on OS X.
Re: (Score:2)
That's a puzzling remark. You're saying there are graphics so complex that they can't be represented by a vector algorithm, but can be represented as a bitmap? Forgive me, perhaps you know what you are talking about, but I swear I just caught a whiff of bullshit.
Re: (Score:2)
There's no 'Display PDF' on OS X, you've probably mistaken it with Display Postscript from Classic Mac OS era. What are you saying might have been true for Display Postscript, but OS X's Quartz 2D is something completely different.
Critical? (Score:2, Insightful)
And a patch will be available on March 11? Boy, they sure are devoting all their resources toward getting a patch out.
Idiots.
Simple solution: (Score:3, Insightful)
Uninstall Acrobat, the most bloated software product I've ever used.
Re: (Score:2, Funny)
Re: (Score:3, Insightful)
There's a saying about C: "We don't prvent you from doing stupid things because that would also prevent you from doing clever things."
There's also a saying about you: "A poor workman blames his tools."
Re: (Score:2)
Yes, let's go back to BCPL!
Re: (Score:2)
Yahoo are like encylopedia salesmen. Or possibly drug pushers. Or possibly just horribly deluded that anyone would want their spyware^H^H^H^H^H^H^Htoolbar at all ?
You try to install Yahoo Messenger, "wanna toolbar ? uncheck box to NOT install it"
You sign up for a Yahoo Mail account, "wanna toolbar ? uncheck box to NOT install it"
You join a Yahoo Group, "wanna tollbar ? uncheck box to NOT install it"
Ad nauseum.