  Name Game Premium join:2002-07-07 North Myrtle Beach, SC
edit: May 8th, @01:33PM
| [Analysis Details] Adobe Describes Holes, Offered Patches
Adobe Describes Holes, Offers Patches
Three months after acknowledging multiple vulnerabilities in its popular Reader software and then patching the program, Adobe Tuesday finally provided some details about the bugs.
In a security bulletin issued Tuesday, Adobe listed eight vulnerabilities -- most of them critical -- that it patched in early February when it released Reader 8.1.2 and Acrobat 8.1.2. At the time, Adobe had only said it fixed "a number of ... security vulnerabilities" in the two programs; it did not specify how many flaws were fixed, what they were or how attackers might exploit them.
Reader is one of the world's most popular pieces of software, since it's both free and the default PDF viewer for many users.
The secrecy three months ago puzzled security researchers, who noted that Adobe was usually more forthcoming about vulnerabilities. Today, one researcher speculated about the mystery. "I think Adobe thought the severity of the vulnerabilities warranted some secrecy," said Andrew Storms, nCircle's director of security operations. "Six of the eight are in JavaScript. That's not a very difficult attack scenario. It's not as if you have to compile code. And it's going to work on any processor, and on almost any machine."
Even though Adobe disclosed some information about the bugs it fixed in February, the bulletin was still terse. It did not spell out possible attack vectors or even rate the bugs. "These vulnerabilities would cause the application to crash and could potentially allow an attacker to take control of the affected system," was about as far as the bulletin ventured.
Storms agreed that the three-month lag between patching the vulnerabilities and divulging some details was extreme, but noted that many of the flaws went back farther than February. "Some were apparently disclosed [to Adobe by researchers] in late 2007," he said. "There's one from November, and others from September and October."
»www.pcworld.com/businesscenter/a···hes.html
|
|
 Libra Premium join:2003-08-06 USA
| Hi NameGame, Thank you for the information. I have Adobe Reader 7.0.8 installed on the XP computer. In view of past vulnerabilities I set it within the program to not access the internet and also turned off JavaScript. Also, it would only be used in a limited user account. Do I have to be concerned about this version? Sincerely, Libra |
|
  Cudni La Merma - Los De Aca Premium,MVM join:2003-12-20 Someshire | reply to Name Game also »Adobe Security Advisory:
Cudni |
|
 Libra Premium join:2003-08-06 USA | Thanks for that link, Cudni. As a result, I removed version 7.0.8 and installed 7.1.0 last week.
Sincerely, Libra |
|
  Name Game Premium join:2002-07-07 North Myrtle Beach, SC
edit: May 26th, @11:54PM
| reply to Name Game I have given up on Adobe Reader now completely. Foxit Reader is so much more compact, free, and does a great job. Incredibly small: The download size of Foxit Reader is only 2.55 M, which is a fraction of Acrobat Reader 20 M size.
»www.foxitsoftware.com/pdf/rd_intro.php
If you want some other ideas and comparisons, see here:
»www.technospot.net/blogs/5-popul···-tested/ |
|
 C DM
join:2002-12-31
| Foxit is a pretty good reader. However, this being a security-focused thread (more or less), it should be mentioned it also has security holes (pretty much just like anything else out there). |
|
  Name Game Premium join:2002-07-07 North Myrtle Beach, SC
edit: May 29th, @08:56AM
| How true, but they seem to respond faster to those vulnerabilities...
»Foxit Reader "util.printf()" Buffer Overflow Vulnerability and I have yet to see one in the wild. |
|