Giveaway: Bracketron Case If outdoor adventures are in your future this summer, enter to win a Bracketron Sport Case with Mount Strap from MacNN and keep that iPhone, iPod or other electronic device safe from the elements.      
toggle

AAPL Stock: 443.86 ( -10.88 )

http://www.macnn.com/articles/08/06/25/adobe.fixes.acrobat.hole/

Adobe fixes critical Acrobat security flaw

updated 02:25 am EDT, Wed June 25, 2008

 

Adobe fixes Acrobat hole


Adobe on Monday released patches for Acrobat and its free Reader equivalent to fix a security hole that could leave Mac and Windows computers susceptible to control at the hands of a malicious remote user. Computerworld writes that the "critical" vulnerability has existed in several incarnations of the v8.x.x Acrobat software, but does not apply to users of Acrobat 7.1.0. The patch comes after criticism over Adobe's vague mention of vulnerability fixes in a recent update, as several past JavaScript bugs resurfaced, leaving many users affected.

"Adobe has an epidemic with regards to JavaScript," noted Andrew Storms, director of security operations at nCircle Network Security. "With this many JavaScript bugs in Acrobat, one begins to ask questions. Why would a full, thick application like Acrobat need to be using JavaScript, especially when JavaScript in the browser has historically been a target for hackers? And since JavaScript has been a target for so many years, why hasn't Adobe flushed out these vulnerabilities already?"


by MacNN Staff

Post tools:

TAGS :

 security, software, Windows, Adobe, Acrobat, Mac

Related Articles

Recent Articles

toggle

Comments

  1. Guest

    Fresh-Faced Recruit

    Joined: Nov 1999

    +3
    06/25, 03:02am | report spam | Reply |

    what's stupid is...

    that Acrobat Reader is now over 100 Mb. Just to "read" PDFs. It used to be that it was decent, but now it's complete bloatware.

  1. testudo

    Forum Regular

    Joined: Aug 2001

    -2
    06/25, 08:06am | report spam | Reply |

    yeah!

    The patch comes after criticism over Adobe's vague mention of vulnerability fixes in a recent update, as several past JavaScript bugs resurfaced, leaving many users affected.

    They should take lessons from Apple and learn how to document their fixes!

    And I didn't even know Adobe had support for javascript, nor any idea what in the world one would need it for. Is this like one of those lame-a** ideas from the 90's where email software makers added javascript support to email content because it would be 'cool'?

  1. 64stang06

    Mac Elite

    Joined: Aug 2007

    +3
    06/25, 08:53am | report spam | Reply |

    Alternatives

    There's always Preview for basic PDF viewing, or another free alternative is Skim. (http://www.macupdate.com/info.php/id/24590/skim)

  1. 64stang06

    Mac Elite

    Joined: Aug 2007

    -1
    06/25, 08:53am | report spam | Reply |

    Alternatives

    There's always Preview for basic PDF viewing, or another free alternative is [url="http://www.macupdate.com/info.php/id/24590/skim"]Skim[/url]

    (http://www.macupdate.com/info.php/id/24590/skim)

  1. 64stang06

    Mac Elite

    Joined: Aug 2007

    +1
    06/25, 08:53am | report spam | Reply |

    Nevermind

    I have horrible button clicking skills it seems.

  1. JeffHarris

    Fresh-Faced Recruit

    Joined: Oct 1999

    +2
    06/25, 09:35am | report spam | Reply |

    What, no LINK?

    An article about a "critical vulnerability" and NO LINK for the patch.

    How useful.

  1. shawnde

    Fresh-Faced Recruit

    Joined: Apr 2008

    +1
    06/25, 12:34pm | report spam | Reply |

    re: Yeah (@ testudo)

    Adobe has Javascript support in all their applications. It was their solution to cross-platform application scripting and automation. In fact they use ECMA-262 which is a superset of Javascript.

    Adobe uses the Qt development platform for building cross-platform applications (well probably until recently), and Qt comes with a pre-built Javascript compiler and stack for automation and application scripting. So they probably just incorporated that engine.

    And Javascript is not as bad as it's made out to be. It's a very powerful language, and if implemented correctly, quite secure. Without Javascript, the web wouldn't exist.

Login Here

Not a member of the MacNN forums? Register now for free.

 
close
Photo
toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Brother HL-3170CDW LED Printer

We've mentioned before that we are far from a paperless society. For now, at least, there are tasks that require a piece of paper for ...

HTC One

It is hard to overstate just how critically important the HTC One is to the Taiwanese company’s fortunes. Despite its alarming decline ...

Samsung Galaxy S 4

Samsung's new flagship Android smartphone, the Galaxy S 4, faces even stiffer competition than its popular predecessor. With a five-in ...

toggle

Most Commented

 

Popular News