Security Software News

Adobe Warns of Critical Zero Day Vulnerability

wiredmikey writes "Adobe issued an advisory today on a zero-day vulnerability (CVE-2011-2462) that has come under attack in the wild. According to Adobe, the issue is a U3D memory corruption vulnerability that can be exploited to cause a crash and permit an attacker to hijack a system. So far, there are reports the vulnerability is being exploited in limited, targeted attacks against Adobe Reader 9.x on Windows. However, the bug also affects Adobe Reader and Acrobat 9.4.6 and earlier 9.x versions for UNIX and Macintosh computers, as well as Adobe Reader X (10.1.1) and Acrobat X (10.1.1) and earlier 10.x versions on Windows and Mac. Patches for Windows and Mac users of Adobe Reader X and Acrobat X will come on the next quarterly update, scheduled for Jan. 10, 2012."

  • Mac? (Score:4, Interesting)

    by 93 Escort Wagon ( 326346 ) on Tuesday December 06, 2011 @10:13PM (#38287278)

    I'd be curious to know how many Mac users install Adobe Reader at all, since Preview does a very good job of basic PDF handling - and loads almost instantly, as opposed to Reader's geologic-era-scale load time.

  • by sootman ( 158191 ) on Tuesday December 06, 2011 @10:18PM (#38287318) Homepage Journal

    ... or maybe just go back a few versions. No movies, no scripting, no interactivity other than hyperlinks and form elements, no live connection to the Web, no motion of any kind. Just vector shapes and a handful of well-known image formats. Please, just go back to what PDF was originally supposed to be: a virtual print that looked the same anywhere, including a small handful of well-known image formats. Oh, and make it "safe", which it never would have occurred to me to ask for in the past but I guess we need to specifically request that these days. (Hi, GM, can you please make a car without an array of eight-inch spikes in the middle of the steering wheel?) And, as long as I've got this crackpipe, I'll ask them to make the spec simple enough and open enough that anyone can make a program to generate them or read them.

    I don't know what features Adobe is packing into the spec these days but to the best of my knowledge there's nothing I do today that couldn't be handled by PDF 1.2 and Acrobat 3. The only problem is, when people make PDFs, they tick the little box that says "Require Acrobat _ or greater" and I always have to update.

  • Re:Patched when? (Score:4, Interesting)

    by syousef ( 465911 ) on Tuesday December 06, 2011 @10:23PM (#38287354) Journal

    Jan. 10, 2012? Why not immediately? Do Adobe coders suck that bad...

    Honestly I think when a major vulnerability is found, companies should fix it immediately or face penalties.

    You naive sod. You think the DEVELOPERS determine the release schedule? For all you know there are developers there with a fix ready and tested that are agitating and itching for it to go out.

  • by mirix ( 1649853 ) on Tuesday December 06, 2011 @10:30PM (#38287404)

    Evince [gnome.org] (gtk) and Okular [kde.org] (ex-kpdf, iirc, Qt) both seem pretty usable to me.

    At work, I'm stuck with Windows, and the Evince win32 port seems to work quite well there too. Only issue I ran into was that by default it tried to print things in landscape mode or something like that, and I didn't notice.
    A nice feature is that it does djvu and postscript as well, instead of having multiple readers (although I seem to think ps might not work with Windows in default, probably relies on ghostscript or so..?).

  • by Anonymous Coward on Tuesday December 06, 2011 @10:37PM (#38287456)

    ...if you're going to follow up your "zero" day announcement to the world with a statement that your "fix" for this is to release a patch that is scheduled for release in a month or so from now. What, is patching out of cycle for a zero-day vuln suddenly against someone's religion or something? That's about the only excuse that would seem somewhat sane (if you call organized religion sane) here.

    If I were one of those paranoid type of guys, I would say that Adobe wrote this fucking thing themselves, and was paid to do it by all of the major computer hardware vendors in order to create a massive wave of "broken" computers just in time for holiday sales.

    (Cue massive attack in 3...2...)

    That could never happen, right?

    Right?

    Uh...right?

  • by pclminion ( 145572 ) on Tuesday December 06, 2011 @11:27PM (#38287720)

    I've been to Adobe's campus in San Jose and seen the place. There are many, many Indian engineers there, as is common throughout Silicon Valley. Ignorant fuck.

  • by MightyMartian ( 840721 ) on Wednesday December 07, 2011 @02:22AM (#38288446) Journal

    You're saying pulling from CRLs requires that many more megabytes?

    Let's be blunt here. Adobe Reader is an obscene piece of bloatware, packaged with all sorts of worthless cruft like the absolutely moronic download manager. I suspect that software developers who were actually interested in delivering a decent product rather than trying to push their vast library of even more bloated applications would try a little harder to bring the size of things down, if for no other reason than an abiding sense of shame at releasing such a gawdawful huge monster.
