PC Pals Forum

Technical Help & Discussion => General Tech Discussion, News & Q&A => Topic started by: Clive on February 20, 2009, 17:15

Title: No Acrobat patch for 3 weeks
Post by: Clive on February 20, 2009, 17:15
A security flaw in Adobe's Acrobat Reader software will not be fixed for three weeks, the company has warned.

Adobe warned that the vulnerability affected Acrobat Reader 9 as well as Acrobat 9 and earlier versions of the software.

"Adobe expects to make available an update for Adobe Reader 9 and Acrobat 9 by 11 March, 2009," Adobe said in a statement.

"Updates for Adobe Reader 8 and Acrobat 8 will follow soon after, with Adobe Reader 7 and Acrobat 7 updates to follow," the statement continued.

Security experts warned that the flaw could allow a hacker to take control of your PC.

"The risk is that hackers could deliberately construct a malformed PDF file that would trigger the vulnerability, allowing them to open a backdoor and run malicious code on your computer," said Graham Cluley of security firm Sophos.


Title: Re: No Acrobat patch for 3 weeks
Post by: Rik on February 20, 2009, 17:26
To think I used to be an ardent Adobe fan.  :cry:
Title: Re: No Acrobat patch for 3 weeks
Post by: sam on February 20, 2009, 17:28
It's bloatware too!
Title: Re: No Acrobat patch for 3 weeks
Post by: Rik on February 20, 2009, 17:30
I know. :( When I worked for them, they 'felt' a much better company, they were lean, quick to respond, innovative. Now, they seem to have got bogged down in trying to out-Microsoft Microsoft, Sam.  :bawl:
Title: Re: No Acrobat patch for 3 weeks
Post by: Simon on February 20, 2009, 18:27
So, are PDF files something to be generally wary of?  I wasn't aware that they could harbour viruses.  What if you use something like Foxit to open them?  Would you be more vulnerable in that case?
Title: Re: No Acrobat patch for 3 weeks
Post by: Rik on February 20, 2009, 18:43
You're as vulnerable as Foxit, Simon. It's like any piece of code you download, really, it can harbour nasties.
Title: Re: No Acrobat patch for 3 weeks
Post by: sam on February 21, 2009, 09:53
though it's easier to hide things in certain types... and you don't really execute PDFs...
Title: Re: No Acrobat patch for 3 weeks
Post by: Rik on February 21, 2009, 11:10
Is that true, Sam? They are based on PostScript and, as such, do run code surely?
Title: Re: No Acrobat patch for 3 weeks
Post by: sam on February 21, 2009, 15:28
Actually I guess you are right in that sense - I meant it's not like you are going to run a PDF like you would some other executable, e.g. if you downloaded a program off the web then you would expect to install it, so when it started running a setup you wouldn't think anything of it - if a PDF did, alarm bells should ring. If that makes sense...
Title: Re: No Acrobat patch for 3 weeks
Post by: Rik on February 21, 2009, 15:35
It does. What I was thinking, though, was that a suitably crafted PDF could exploit Acrobat without the user knowing a thing about what was happening.
Title: Re: No Acrobat patch for 3 weeks
Post by: Clive on February 21, 2009, 16:09
Wasn't there a huge spate of spam containing .pdf viruses about a year ago?  :dunno:
Title: Re: No Acrobat patch for 3 weeks
Post by: sam on February 21, 2009, 16:35
Quote from: Rik on February 21, 2009, 15:35
"It does. What I was thinking, though, was that a suitably crafted PDF could exploit Acrobat without the user knowing a thing about what was happening."

true... though there probably aren't that many pdfs out there that are infected - you still have to get it from a dodgy source.
Title: Re: No Acrobat patch for 3 weeks
Post by: Rik on February 21, 2009, 16:37
Quote from: Clive on February 21, 2009, 16:09
"Wasn't there a huge spate of spam containing .pdf viruses about a year ago?  :dunno:"

Yes. :(