Comments on: Core Security finds critical Adobe Reader hole

Core Security issues warning of vulnerability in version 8.1.2 of Adobe Reader on Tuesday on the day a security patch is due to be released by Adobe.

Add a Comment (Log in or register) (14 Comments)

by gsmiller88 November 4, 2008 7:45 AM PST

I'm so glad Apple Preview can read PDF files and I have no need for such garbage as Adobe Reader.

Like this Reply to this comment


by kkohnen November 4, 2008 8:06 AM PST: And I'm happy for you too! But, why does _EVERYTHING_ have to become an Apple vs. Microsoft discussion?; Like this


by rapier1 November 4, 2008 8:31 AM PST: Because if its not put in the starkest black and white many people won't be able to form an opinion of any sort. If its not 'us versus them' some people just feel lost.; Like this


by fdunn3 November 4, 2008 8:46 AM PST: to: kkohnen

What does Adobe Acrobat Reader have to do with Microsoft?

I don't see where gsmiller88 referred to MS anywhere in his post.; Like this


by GhostAlph November 4, 2008 9:16 AM PST: to fdunn3:

You don't see what gsmiller88 was getting at because you are apparently blind to implication and inference.

Here - let me paraphrase it for you:

"I'm so glad (software for Apple platform) can (do task in question) and I have no need for such garbage as (program for Microsoft platform)."

I agree with rapier1 - if it's not "us vs. them" people generally don't care or don't get it.; Like this


by ittesi259 November 4, 2008 9:26 AM PST: Um that wasn't an Apple/MS discussion it was Preview/Acrobat Reader.....; Like this


by Heebee Jeebies November 4, 2008 3:28 PM PST: No this was a dumb @ss to dumb @ass discussion. The Mac since moving to Intel processors has had nearly as many patch updates as Windows. Neither platform is perfect and the only reason the Mac twits spew their poo is to make themselves feel better about spending a whole lot more money for a system no better than a $600 PC and because they are locked in to the whims of Apple and have to replace the entire computer in order to upgrade because Apple won't let you update just the motherboard or processor. Someone has to make the Mac losers feel better about their choice and so I guess that falls to the suckers themselves.

Robert; Like this


by Canberra-photographer November 5, 2008 3:40 AM PST: Apple Preview is a terrible reader for PDF files and it's likely no more secure given it still decodes PDFs.; Like this


by elezhbeth32 November 4, 2008 8:44 AM PST: A critical security hole in Adobe Reader could allow an attacker to take control of a computer, according to Core Security Technologies.

The vulnerability affects version 8.1.2 of Reader, Core Security said in a statement issued on Tuesday to coincide with Adobe's planned release of a security update to fix the vulnerability.

An attacker could put malicious code in JavaScript embedded in a PDF and spread that via a Web site or e-mail. Once the file is opened, the code could manipulate the program's memory allocation pattern and trigger the vulnerability to execute arbitrary code with the privileges of the user.

Damian Frizza, a CoreLabs researcher, discovered the vulnerability in May while he was investigating a similar vulnerability in a different PDF viewer application called Foxit Reader. Core Security immediately reported the new hole to Adobe.

Adobe representatives did not return a call seeking comment on Monday.

The complexity of desktop software increases the chances of applications having bugs that result from the implementation of the software, said Ivan Arce, chief technology officer of Core Security.

"We've seen similar vulnerabilities in JavaScript engines in Adobe software in the past and in other applications," he said. "It's difficult to avoid implementation bugs like this one."; Like this Reply to this comment


by CoreSecurity November 4, 2008 9:03 AM PST: Here's a link to the actual Core Security vulnerability advisory on the CoreLabs homepage: http://www.coresecurity.com/content/adobe-reader-buffer-overflow .; Like this Reply to this comment


by rcrusoe November 4, 2008 12:43 PM PST: foxitsoftware.com offers a free pdf reader that may not have the same problems. At the very least this 2.5 mb program launches in less than 1/10 the time of Acrobat on my computer.; Like this Reply to this comment


by mbenedict November 4, 2008 7:58 PM PST: @gsmiller88:

Apple's PDF implementation is also rife with security holes, so MacOS users have the privilege of all Adobe vulnerabilities PLUS all Apple vulnerabilities.

For a recent example, see CVE-2008-2322 (just patched a couple of months ago.)

Another example was MOAB-06-01-2007. Adobe promptly fixed this hole in their Reader 8.0, but OS X's Preview was vulnerable for **MONTHS** before Apple finally provided a patch.

For a security perspective, duplicate functionality means reduced defense depth, twice the attack surface, and you get worst of both worlds.; Like this Reply to this comment


by fdunn3 November 5, 2008 6:47 AM PST: To: GhostAlph
I understood perfectly what he was implying but apparently I'm not the only blind person here as Adobe also makes the Acrobat Reader for the Mac. Also for anybody to guess that the implication was against Microsoft as he indicates in his post and you defend is just plain "paranoid", "MS Fanboy", or both. Is it that you have just never heard of Linux?; Like this Reply to this comment


by americas234 November 5, 2008 11:27 AM PST: i already installed adobe reader 9 .is it safe from this promblem.?; Like this Reply to this comment

(14 Comments)

About Security

Online security is threatened by more than hacking and phishing attempts. Check here for the latest updates on software vulnerabilities, data leaks, and rapidly spreading viruses--and learn how to protect your systems.