I’ve never liked Adobe’s “free” pdf reader, as it has hung my computer more times than any other single software glitch. Many times I’ve been frozen up and had to do a hard reboot simply because I’ve tried to open pdf files which failed.
I’ve been scolded repeatedly for not “upgrading” to the “latest version” as I should (“latest” versions are an unending computer hassle, of course), but in light of the latest news, I’m beginning to think I should just try to do without pdf files entirely:
A dangerous and unpatched vulnerability in Adobe’s PDF-reading software has been around a lot longer than previously realized.
The bug, first reported late last week, has caused concern because it is easy to exploit and it is not expected to be patched by Adobe for several weeks. Symantec told Adobe about the flaw, which lies in the Acrobat and Reader software, on Feb. 12, but on Monday security vendor Sourcefire said that an analysis of its database of malicious software shows that attackers have actually been using the attack for more than six weeks.
Sourcefire has found samples dating back to Jan. 9, said Matt Watchinski, Sourcefire’s senior director of vulnerability research.
To date, the bug has been used in small-scale attacks against specially targeted individuals. Symantec says it has tracked only 100 attacks, but attacks have been increasing as attack code that exploits the flaw has been made public. The bug affects both Mac and Windows users.
Well, at least this time my Mac friends won’t be able to smugly say “I TOLD YOU SO!” and brag about how they “no longer have to worry” about viruses.
I have to marvel, though, over human ingenuity. That so many people would be so dedicated to annoying total strangers by discovering new ways of intruding into their lives never ceases to amaze me.
But I guess things could be worse. At least these hackers aren’t going out and getting government jobs….
Comments
7 responses to “Do I have to upgrade to the fix to the patch that’s fixing to bug my fix?”
Mac guys, who get rather pissy about these things, might point out to you that this isn’t a virus, by any definition, and that even if this hole were being exploited for delivery of Mac-specific malware, the bad guys’ code wouldn’t run.
“The bug affects both Mac and Windows users” is carefully, propagandistically worded. It’s a stock phrase appended to these announcements to make Microsoft customers feel better. They are, after all, almost everybody. That the these kind of coding errors can’t be turned against Mac users without their explicit cooperation is what’s elided.
Really, the “no viruses” thing, however broadly understood, is the only part of Apple smugness that’s justified. And they paid top dollar for it. Let ’em have it.
I affects both Mac and Windows users of Acrobat.
But who uses Acrobat on a Mac*? OSX comes with PDF support built in.
I only use Foxit for PDF viewing on my Windows machines.
Acrobat Reader is the very devil, even if it was perfectly secure.
(* Answer: People who have to deal with one of the tiny, tiny, tiny fraction of PDFs that only Acrobat Reader can cope with.
And those poor bastards stuck using Acrobat (not Reader) to create PDFs.)
“I only use Foxit for PDF viewing”
Same here. Acrobat sucks.
People who have to deal with one of the tiny, tiny, tiny fraction of PDFs that only Acrobat Reader can cope with.
That includes PDFs with forms, since Preview can’t handle saved forms. For example, the IRS is a big user of such PDFs.
Try Foxit Reader for PDF files. It’s tiny compared to Adobe, and doesn’t have nearly as many problems. Somewhere around version 5 Adobe was a useful way to read pdfs, since then it’s turned into a monster piece of bloatware with massive problems. After thelast “upgrade” I’ve completely deleted it, and good riddance.
Don’t know about Windows, but Nisus and NeoOffice for the Mac have built in PDF distillers. A search on “pdf” on the Apple downloads page will find dozens of items dealing with PDFs.
Perhaps because I’m still using version 5 Acrobat, I’m still happy with it.
Very seldom do I come across a file that is not readable, even though I get a warning that the file might contain information my version can’t read.
I never upgrade until I have to.