Google warns of using Adobe Reader - particularly on Linux



On its August Patch Day, Adobe has fixed numerous critical memory-related bugs in Reader for Windows and Mac OS X - but has chosen to overlook Linux users. The researchers who discovered the holes now fear that potential attackers could find enough clues to build an exploit by comparing the current Windows version of Reader with the previous one. This would leave Linux users defenceless. On top of that, even the patched versions still contain a total of 16 open security holes.

Google employees Mateusz Jurczyk and Gynvael Coldwind initially examined the PDF engine of the Chrome browser and discovered numerous holes. They then tested Adobe Reader and found about 60 issues that triggered crashes, 40 of which are potential attack vectors. When the two researchers reported their discoveries to Adobe, the company promised to provide fixes - but also indicated that not all the holes would be closed on Patch Day in August.

On Tuesday, that is exactly what happened. Versions 10.1.4 and 9.5.2 were released for Windows and Mac OS X only. Even these patched versions are still vulnerable to 16 of the reported issues that affect Windows, Mac OS X or both systems. To prove this, the Google employees have released obfuscated information concerning the crashes. The security experts say that the unpatched holes could potentially be identified by third parties because they were found by modifying publicly available PDF documents.

Apparently, the researchers' threat to publish all vulnerability details online in accordance with "responsible disclosure" did not worry Adobe. The deadline is set for 60 days after the day on which the researchers informed Adobe about the holes: 27 August. However, Adobe told the researchers that no further updates are planned in that timeframe.

The Google employees therefore recommend that users refrain from opening any PDF documents from external sources in Adobe Reader. Those who use a browser other than Chrome can protect themselves by disabling the Reader's browser extension. The extension allows the holes to be exploited with a simple visit to a specially crafted web page.

Windows users who still use version 9 of Reader have been advised to upgrade to Adobe Reader X, because this version contains a sandbox that makes exploiting the holes more difficult. While Linux users can fix two of the holes by deleting the annots.api and PPKLite.api plug-ins from the /path/to/Adobe/Reader9/Reader/intellinux/plug_ins directory, this seems like a drop in the ocean when considering the total number of holes that riddle Reader for Linux.

Source: The H Online

I stopped using that bug-ridden bloatware on all platforms a long time ago.

What do you use instead? I am also looking for a good replacement.

I use Foxit on Windows, haven't used Adobe Reader for about 3 years. It's bloated, slow, and now apparently insecure. And I didn't know the PDF plugin in Chrome was made by Adobe, how do I disable it?
