Adobe PDF Patch Plugs Data Leak Threat
Over the weekend I opened an Adobe PDF document and was greeted with a notice urging me to download an update that fixes some security problems with Adobe Reader, so naturally I immediately responded.
First off, kudos to Adobe: Unlike so many software patches that force you to choose between using the product and applying the latest update, Adobe didn't require me to quit the documents I was reading while it was installing the patch. It did restart Reader afterward, but to Adobe's credit, it promptly re-displayed the documents I'd been working on.
If I had one minor quibble with the whole update process, it would be that the updater kept bugging me to approve different things. I swear it must have prompted me to approve changes to the program at least a dozen times during the update.
According to Adobe, the latest version gets rid of a fairly serious security flaw. By convincing a target to download a specially crafted PDF document, attackers could "discover the existence of local files," -- i.e., read documents on the victim's computer. Adobe says that threat is minimized because the attacker would have to know the exact name and location of the files he was searching for to be able to leverage the security flaw.
By the way, if you browse the Web using Mozilla's Firefox Web browser and have always had trouble loading PDF documents, you might consider following the advice here to fix the problem. Just scroll down to the question in the FAQ that reads "Why do Adobe pdf files load slowly in Windows?" For the longest time I put off researching a tweak for this problem. Mozilla says it's because Adobe Reader for Windows loads lots of unused plugins on startup.
Posted by: Anonymous | June 20, 2005 1:53 PM | Report abuse
Posted by: Agathon | June 21, 2005 1:29 AM | Report abuse
Posted by: Ruben | June 21, 2005 11:15 AM | Report abuse
Posted by: Ruben | June 21, 2005 11:17 AM | Report abuse
Posted by: D. Taylor | June 21, 2005 1:35 PM | Report abuse
Posted by: Flo | June 21, 2005 2:47 PM | Report abuse
Posted by: Marcus | June 22, 2005 7:58 PM | Report abuse
Posted by: patches | July 9, 2005 1:43 PM | Report abuse
The comments to this entry are closed.