IMPORTANT - Critical PDF Vulnerability

Status
Not open for further replies.
E

Error404

Guest
Highly Critical PDF Vulnerability - A patch is not yet available - Softpedia

As of current, anyone who frequently uses Adobe Acrobat Reader to read and load PDFs should be on high alert.

A major vulnerability has been discovered that allows malicious code to be used via a PDF file, this code can do most anything from installing a keylogger to taking over your system. Despite what some website say, disabling Javascript will NOT protect you against the vulnerability.

A patch is due in two weeks or so but as of right now, this is a method being used by all the most educated hackers (And some script kiddies!) so, if you're the sort that googles for information, be sure to check the end of the link for the .PDF extension. If it's a site you don't recognise then just don't click it!

All the best and here's to not being compromised!

I'll be frequently bumping this, and would appreciate it being stickied until the issue is resolved.

Thanks for your time and stay safe!

E404~<3
 

recovery

Est. Contributor
Messages
1,234
Role
Other
On my window machines I tend to use Foxit Reader. And Excuse my ignorance when I say I don't know what is being used on Ubuntu as "Document Reader". I never looked into it.

But I've always been cautious of PDF files and grab them from known sauces. Mostly Uni published works.

Did they publish a new version yesterday? So wouldn't it be that version that is vulnerable. Not Older ones? I could look more into it. But I haven't got much time for that I'm afraid. :(
 
Messages
3,353
Role
Private
I picked this up on slashdot a while ago; it seems like maybe Friday or Saturday.

Long story short (and this makes Adobe look BAD):
  1. Adobe knows. Won't release a patch for it until April (I think it was).
  2. Some random Internet guy makes work-around patch and posts it.
  3. Adobe response seems to be: *blink* "Meh." *shrug*

I'll attach the story as a PDF if you'd like...
 
E

Error404

Guest
I picked this up on slashdot a while ago; it seems like maybe Friday or Saturday.

Long story short (and this makes Adobe look BAD):
  1. Adobe knows. Won't release a patch for it until April (I think it was).
  2. Some random Internet guy makes work-around patch and posts it.
  3. Adobe response seems to be: *blink* "Meh." *shrug*

I'll attach the story as a PDF if you'd like...
Yeah, Adobe has lost all my respect.

The third party patch is only for version...7 though, I think it was.
 

Darkfinn

Banned
Messages
3,676
Role
Diaper Lover, Incontinent,
Umm... you guys do know that this particular article is dated JANUARY 2007.

A bit old... don't you think?

Let's not go around spreading unnecessary panic.
 

Donnie

Est. Contributor
Messages
215
Role
Adult Baby, Diaper Lover, Babyfur, Diaperfur, , Carer
Umm... you guys do know that this particular article is dated JANUARY 2007.

A bit old... don't you think?

Let's not go around spreading unnecessary panic.
Why's it a sticky?
 

Nexeon

Est. Contributor
Messages
923
Role
Private
Umm... you guys do know that this particular article is dated JANUARY 2007.

A bit old... don't you think?

Let's not go around spreading unnecessary panic.
There actually is a vulnerability thing going on right now. He probaby just accidentally posted a link from an old attack and didn't notice when he was looking for a good link to post. Here's a link to one dated Feb 20, 2009:

Adobe Warns Of Critical Vulnerability In Acrobat, Reader

According to that article Adobe plans to release a patch by March 11th.
 
E

Error404

Guest
There actually is a vulnerability thing going on right now. He probaby just accidentally posted a link from an old attack and didn't notice when he was looking for a good link to post. Here's a link to one dated Feb 20, 2009:

Adobe Warns Of Critical Vulnerability In Acrobat, Reader

According to that article Adobe plans to release a patch by March 11th.
My bad.

Though the article pretty much does address the same thing, strangely enough.
 

recovery

Est. Contributor
Messages
1,234
Role
Other
My bad.

Though the article pretty much does address the same thing, strangely enough.
I was going to comment it, but this isn't the first time. But I despise PDFs anyway. So I couldn't care anyhoo, unless I wanted to be mean. But I don't have any real motives to do so. :p
 
Messages
3,353
Role
Private
But I despise PDFs anyway. So I couldn't care anyhoo, unless I wanted to be mean.
It's going to be difficult to get away from PDFs. "Pixel-Perfect" publication is VERY important, especially when you an guarantee this across platforms.

What alternative for this have you found[1]? If none ... then we're locked into PDFs, like 'em or not.

[1]TeX and LaTeX aside.
 
E

Error404

Guest
It's going to be difficult to get away from PDFs. "Pixel-Perfect" publication is VERY important, especially when you an guarantee this across platforms.

What alternative for this have you found[1]? If none ... then we're locked into PDFs, like 'em or not.

[1]TeX and LaTeX aside.
There IS .lit, but as far as I'm aware, it's MS only. I may be wrong though as I've not looked into it.

Not much uses .lit anyhow.
 

Nexeon

Est. Contributor
Messages
923
Role
Private
My bad.

Though the article pretty much does address the same thing, strangely enough.
Yah, I noticed that they were pretty much the same also. People just didn't like the old link, thinking it's old news. So I figured I'd post an up to date link before the thread got out of hand.
 
E

Error404

Guest
Yah, I noticed that they were pretty much the same also. People just didn't like the old link, thinking it's old news. So I figured I'd post an up to date link before the thread got out of hand.
Thanks. I appreciate it.
 

babibear

Est. Contributor
Messages
445
Role
Private
There IS .lit, but as far as I'm aware, it's MS only. I may be wrong though as I've not looked into it.

Not much uses .lit anyhow.
Ahh, not MS compressed HTML-Help.

Burn it, burn it with fire! :smile1:
 
Status
Not open for further replies.
Top