Google warns of using Adobe Reader - particularly on Linux



On its August Patch Day, Adobe has fixed numerous critical memory-related bugs in Reader for Windows and Mac OS X - but has chosen to overlook Linux users. The researchers who discovered the holes now fear that potential attackers could find enough clues to build an exploit by comparing the current Windows version of Reader with the previous one. This would leave Linux users defenceless. On top of that, even the patched versions still contain a total of 16 open security holes.

Google employees Mateusz Jurczyk and Gynvael Coldwind initially examined the PDF engine of the Chrome browser and discovered numerous holes. They then tested Adobe Reader and found about 60 issues that triggered crashes, 40 of which are potential attack vectors. When the two researchers reported their discoveries to Adobe, the company promised to provide fixes - but also indicated that not all the holes would be closed on Patch Day in August.

On Tuesday, that is exactly what happened. Versions 10.1.4 and 9.5.2 were released for Windows and Mac OS X only. Even these patched versions are still vulnerable to 16 of the reported issues that affect Windows, Mac OS X or both systems. To prove this, the Google employees have released obfuscated information concerning the crashes. The security experts say that the unpatched holes could potentially be identified by third parties because they were found by modifying publicly available PDF documents.

Apparently, the researchers' threat to publish all vulnerability details online in accordance with "responsible disclosure" did not worry Adobe. The deadline is set for 60 days after the day on which the researchers informed Adobe about the holes: 27 August. However, Adobe told the researchers that no further updates are planned in that timeframe.

The Google employees therefore recommend that users refrain from opening any PDF documents from external sources in Adobe Reader. Those who use a browser other than Chrome can protect themselves by disabling the Reader's browser extension. The extension allows the holes to be exploited with a simple visit to a specially crafted web page.

Windows users who still use version 9 of Reader have been advised to upgrade to Adobe Reader X, because this version contains a sandbox that makes exploiting the holes more difficult. While Linux users can fix two of the holes by deleting the annots.api and PPKLite.api plug-ins from the /path/to/Adobe/Reader9/Reader/intellinux/plug_ins directory, this seems like a drop in the ocean when considering the total number of holes that riddle Reader for Linux.

Source: The H Online
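
The Linux workaround described in the article, as an added example that is not part of the original post or of the quoted article: instead of deleting the two plug-ins, it moves them into a sibling directory so the change can be reverted. The function name and the `plug_ins.disabled` directory name are assumptions; pass the real `plug_ins` path in place of the article's `/path/to/...` placeholder.

```shell
#!/bin/sh
# Added example (not from the article): disable the two Reader 9 plug-ins
# the article names by moving them out of the plug_ins directory.

# disable_reader_plugins DIR
#   DIR is the Reader plug_ins directory, e.g. .../Reader9/Reader/intellinux/plug_ins
#   Moves annots.api and PPKLite.api into DIR/../plug_ins.disabled (assumed name).
#   Returns 0 if neither plug-in remains in DIR, 1 if a move failed,
#   2 if DIR does not exist or the quarantine directory cannot be created.
disable_reader_plugins() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "plug-in directory not found: $dir" >&2
        return 2
    fi
    quarantine="$(dirname "$dir")/plug_ins.disabled"
    mkdir -p "$quarantine" || return 2

    failed=0
    for name in annots.api PPKLite.api; do
        if [ -e "$dir/$name" ]; then
            if mv -- "$dir/$name" "$quarantine/$name"; then
                echo "disabled: $name"
            else
                echo "could not move: $name" >&2
                failed=1
            fi
        else
            # Already moved or never installed; safe to run repeatedly.
            echo "not present: $name"
        fi
    done
    return "$failed"
}

# When run as a script, the plug_ins directory is the first argument.
if [ "$#" -gt 0 ]; then
    disable_reader_plugins "$1"
fi
```

To undo the change, move the two files back from `plug_ins.disabled` into `plug_ins`.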

I stopped using that bug ridden bloatware on all platforms a long time ago.

What do you use instead? I am also looking for a good replacement.

I use Foxit on Windows, haven't used Adobe reader for about 3 years. It's bloated, slow, and now apparently insecure. And I didn't know the PDF plugin in Chrome was made by Adobe, how do I disable it?

This topic is now closed to further replies.