Adobe admits PDF exploit, posts workaround

Adobe Systems Inc. has confirmed that there's a critical bug in its most popular programs, but it doesn't yet have a patch that protects Windows XP users against attacks arriving as PDF files. In an advisory posted Friday, Adobe admitted that the flaw first disclosed by Petko Petkov, a U.K.-based security researcher, was real. The San Jose-based company also provided a multiple-step work-around in lieu of a permanent fix to its Adobe Acrobat software and its free Adobe Reader application.

Last month, Petkov claimed in a blog posting that he had found a critical vulnerability that could be leveraged using PDF files, Adobe's popular document format. "Adobe Acrobat/Reader PDF documents can be used to compromise your Windows box," Petkov said Sept. 21 "Completely!!! Invisibly and unwillingly!!! All it takes is to open a PDF document or stumble across a page [that] embeds one." At the time, Petkov declined to provide proof-of-concept code, telling users: "You have to take my word for it." He recommended steering clear of all PDFs until a fix was available.

View: The full story
News source: ComputerWorld

Report a problem with article
Previous Story

McAfee buys into encryption market

Next Story

Disk technology takes Nobel Prize


Commenting is disabled on this article.

Nott complaining, noticing how terrible applications are compared to 3rd party ones of the same type in many situations. A company like Adobe definitely has the ability, time, and funds to fix this issue; and a lot of times you see freeware options address security issues quicker.

And on top of that, foxit is about a zillionth of the size of Adobe Reader! The magnitude of failure when a companys format reader gets spanked by a 3rd party reader for it's own format is beyond measurability!

*hugs Foxit*

There's an addon, or whatever you may want to call it, to make it load more quickly, which is pretty stupid, if you ask me.

Agree *hugs Foxit"

While they're at it, they should fix the stupidly slow loading times and bloatedness of the application.
*hugs foxit*