Adobe Patches Zero-Day Vulnerability

Terry Olaes

Terry Olaes

I Used to be the [H] News Guy
Joined
Nov 27, 2006
Messages
4,646
Much ado has been made of Adobe’s critical scripting vulnerability flaw. If you’re still using Adobe Reader, you’ll be happy to know a patch was released this week that fixes the problem in version 9. Users of versions 7 & 8 are still on schedule to be patched on 3/18.

For those that haven’t been following the details of the exploit, the vulnerability is a result of an array indexing error in the processing of JBIG2 streams. Hackers have found a way to corrupt arbitrary memory using the PDF format and take control of compromised systems. The lesson learned here if we didn’t know it already, don’t take candy, or PDF’s from strangers.
Click to expand...
 
Better than patching, just switch to Foxit. Security aside, unless Adobe's overhauled their reader in the last year or 2, Foxit is much faster. I'm sure I give up some features that come with Adobe's solution, but I can't say I miss them.
 
Did they patch it so that it's not a bloated piece-of-shit software "bundle" with auto-downloading updates and a malware-like deathgrip on your system?


No?


Screw Adobe Reader then.
 
I always thought Adobe Reader was too "heavy" for nothing, but never really took the time to look for an alternative. What do you suggest? Someone already mentioned Foxit. Are they as good as Reader? Or will I get the same reaction I got with OpenOffice, I went back to Office in no time because it was awful (I do understand OpenOffice is made by people in their free time, but they tried adding everything Office has, but half of it doesn't work properly).
 
darkpaw said:
You can get the reader only version directly from the FTP site ftp://ftp.adobe.com/pub/adobe/reader/win/9.x/9.1/enu/

(its the smallest file)

I hate that other crap they've been bundling since 9.0 and the patch isn't available for previous versions.

Foxit is a good program, but has some holes too (http://www.securityfocus.com/archive/1/501623 among others), so if you use that don't forget to patch it as well!
Click to expand...

You have to patch any app you use. I just run Secunia's PSI...it lets me know if there's an update for virtually every app I'm running.
 
You must log in or register to reply here.
Back
Top