Google warns of using Adobe Reader - particularly on Linux

By +Frank B.
in Back Page News

 Share

Recommended Posts

Grand Master

+Frank B. Subscriber²

Posted
  • Subscriber²
Posted

Google warns of using Adobe Reader - particularly on Linux

On its August Patch Day, Adobe has fixed numerous critical memory-related bugs in Reader for Windows and Mac OS X ? but has chosen to overlook Linux users. The researchers who discovered the holes now fear that potential attackers could find enough clues to build an exploit by comparing the current Windows version of Reader with the previous one. This would leave Linux users defenceless. On top of that, even the patched versions still contain a total of 16 open security holes.

Google employees Mateusz Jurczyk and Gynvael Coldwind initially examined the PDF engine of the Chrome browser and discovered numerous holes. They then tested Adobe Reader and found about 60 issues that triggered crashes, 40 of which are potential attack vectors. When the two researchers reported their discoveries to Adobe, the company promised to provide fixes ? but also indicated that not all the holes would be closed on Patch Day in August.

On Tuesday, that is exactly what happened. Versions 10.1.4 and 9.5.2 were released for Windows and Mac OS X only. Even these patched versions are still vulnerable to 16 of the reported issues that affect Windows, Mac OS X or both systems. To prove this, the Google employees have released obfuscated information concerning the crashes. The security experts say that the unpatched holes could potentially be identified by third parties because they were found by modifying publicly available PDF documents.

Apparently, the researchers' threat to publish all vulnerability details online in accordance with "responsible disclosure" did not worry Adobe. The deadline is set for 60 days after the day on which the researchers informed Adobe about the holes: 27 August. However, Adobe told the researchers that no further updates are planned in that timeframe.

The Google employees therefore recommend that users refrain from opening any PDF documents from external sources in Adobe Reader. Those who use a browser other than Chrome can protect themselves by disabling the Reader's browser extension. The extension allows the holes to be exploited with a simple visit to a specially crafted web page.

Windows users who still use version 9 of Reader have been advised to upgrade to Adobe Reader X, because this version contains a sandbox that makes exploiting the holes more difficult. While Linux users can fix two of the holes by deleting the annots.api and PPKLite.api plug-ins from the /path/to/Adobe/Reader9/Reader/intellinux/plug_ins directory, this seems like a drop in the ocean when considering the total number of holes that riddle Reader for Linux.

Source: The H Online

Veteran

The Dark Knight

Posted
Posted

I stopped using that bug ridden bloatware on all platforms a long time ago.

What do you use instead? I am also looking for a good replacement.

Grand Master

Noir Angel

Posted
Posted

I use Foxit on Windows, haven't used Adobe reader for about 3 years. It's bloated, slow, and now apparently insecure. And I didn't know the PDF plugin in Chrome was made by Adobe, how do I disable it?

This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • Windows 11 KB5094126 June 2026 Patch Tuesday update now available to download

      By LiLmEgZ · Posted

      I give it Zero Days
    • HomeBank 5.10.1

      By Copernic · Posted

      HomeBank 5.10.1 by Razvan Serea HomeBank is a free software (as in "free speech" and also as in "free beer") that will assist you to manage your personal accounting. It is designed to easy to use and be able to analyse your personal finance and budget in detail using powerful filtering tools and beautiful charts. If you are looking for a completely free and easy application to manage your personal accounting, budget, finance then HomeBank should be the software of choice. HomeBank also benefits of more than 19 years of user experience and feedback, and is translated by its users in around 56 languages. Highlights: Cross platform, supports GNU/Linux, Microsoft Windows, Mac OS X Import easily from Intuit Quicken, Microsoft Money or other software Import bank account statements (OFX, QIF, CSV, QFX) Duplicate transaction detection Automatic cheque numbering Various account types : Bank, Cash, Asset, Credit card, Liability Scheduled transaction Category split Internal transfer Month/Annual budget Dynamic powerful reports with charts Automatic category/payee assignment Vehicule cost HomeBank 5.10.1 changelog: change: the input field helper icon + fixed some spacing inconsistency change: transaction, added some missing input tooltips and reworked existing change: category, payee and tag window add input now have a tooltip and button change: split window, refactored the layout change: split window, add display of memo and date wish : #2106800 budget report option to exclude transfers from unbudgeted line bugfix: prevent deletion of non pending transaction when rejecting bugfix: transaction warning for no rate faultly showing in transfer bugfix: report missing space for filter tooltip icon bugfix: budget report missing filter tooltip bugfix: manage account closed icon was hidding budget icon bugfix: #2154771 view transcations requires hitting Escape or X twice to close dialog bugfix: #2154337 transfer to/from closed account with different currency don't show the amount bugfix: #2154234 scheduled transaction recurring pattern daily value limited to 100 bugfix: #2149897 view split for closed accounts bugfix: #2148561 global time chart do not shows current period by default bugfix: #2148456 the main screen Total Chart is no longer showing an overall total bugfix: #2147497 editing a transaction resets scroll position bugfix: #2147377 balance mixup with transaction same day sort by amount bugfix: #2147052 quarter are wrong when fiscal year is jan 1 bugfix: #2147048 all events for the month are late but today is only the 1st bugfix: #2144993 impossible to search for transactions by value for values >999,99 bugfix: #2144698 adding new Category/Payee/Tags requires hitting -Enter- bugfix: #2144419 QIF Account name detection fail on import bugfix: #2142349 can't delete account groups bugfix: #2139409 account maximum limit is not fully used (example credit card) bugfix: #2133783 transfers shouldn't add to dashboard top spending reports Download: HomeBank 5.10.1 | 20.5 MB (Open Source) Download: 3rd party packages (macOSX. Ubuntu...etc) View: HomeBank Website | Support | Features | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Google Chrome is killing all uBlock Origin bypasses, Microsoft Edge, Opera to follow

      By naap51stang · Posted

      Same, price was right for my Home, laptop, phone. Works great!
    • Google Chrome is killing all uBlock Origin bypasses, Microsoft Edge, Opera to follow

      By ZipZapRap · Posted

      Brave and Firefox. I’ve been using them as my primary browsers for a while now, perfect combo
    • Apple would rather delay Siri AI than open iOS to rival assistants in the EU

      By ExPat · Posted

      They want Ring 0 access. Should be a hard no. A middle ground needs to be found.

  • Recent Achievements

    • One Year In
      Primer1st earned a badge
      One Year In
    • Experienced
      JayZJay went up a rank
      Experienced
    • Reacting Well
      Sir_Timbit earned a badge
      Reacting Well
    • Week One Done
      rubentuben8 earned a badge
      Week One Done
    • Week One Done
      ARaclen earned a badge
      Week One Done

  • Popular Contributors

    1. 1
      +primortal
      524
    2. 2
      PsYcHoKiLLa
      232
    3. 3
      Edouard
      135
    4. 4
      ATLien_0
      88
    5. 5
      Steven P.
      83
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!