Got Adobe Reader? Worry.

  • Thread starter Thread starter Alias
  • Start date Start date
Mike said:
And as Adobe will not fix the problem immediately, now would be a good
time to dump Adobe Reader for Foxit, yes?
Click to expand...

With that logic, now would be a good time to dump Windows for Ubuntu, yes?

Alias
 
Mike said:
And as Adobe will not fix the problem immediately, now would be a good
time to dump Adobe Reader for Foxit, yes?
Click to expand...

I don't have a preference as to which application a user chooses to use.
That's not the issue. If there's a security vulnerability in an
application (or an OS), people need to be informed. Your comment about
the flaw requiring "conditions...beyond reasonable use..." to be
exploited was dismissive (and inaccurate). Some users may prefer to
wait for a patch from Adobe rather than change applications, but at
least they can do so knowing the potential risk.

I don't always agree with Alias, but I do in this case that your logic
is flawed. Do you recall the WMF exploit? Microsoft sat on its hands
for quite some time on that one to the point that non-MS vendors issued
patches to protect users while MS got its act together. Using your
logic, everyone should have switched to another OS.

At least Adobe acknowledged the problem and took some action.

http://blogs.adobe.com/psirt/
 
TomV said:
I don't have a preference as to which application a user chooses to use.
That's not the issue. If there's a security vulnerability in an
application (or an OS), people need to be informed. Your comment about
the flaw requiring "conditions...beyond reasonable use..." to be exploited
was dismissive (and inaccurate). Some users may prefer to wait for a
patch from Adobe rather than change applications, but at least they can do
so knowing the potential risk.

I don't always agree with Alias, but I do in this case that your logic is
flawed. Do you recall the WMF exploit? Microsoft sat on its hands for
quite some time on that one to the point that non-MS vendors issued
patches to protect users while MS got its act together. Using your logic,
everyone should have switched to another OS.

At least Adobe acknowledged the problem and took some action.

http://blogs.adobe.com/psirt/
Click to expand...


They didn't sit on their hands. They put out a work around almost
immediately, and others created patches which would stop the exploit.
Microsoft released an official patch for it five days before the date that
they had set..
 
Mike said:
They didn't sit on their hands. They put out a work around almost
immediately, and others created patches which would stop the exploit.
Microsoft released an official patch for it five days before the date
that they had set..
Click to expand...

Clearly we have a difference of opinion. So be it.
 
Mike Hall - MVP said:
And as Adobe will not fix the problem immediately, now would be a good time
to dump Adobe Reader for Foxit, yes?
Click to expand...

I had installed another alternative - a new one on the scene
(SumatraPDF) - when that problem was first announced and then
completely forgot that it was even on my system until this discussion
popped up.

Of the alternatives, Foxit is probably the best (I've uninstalled
Sumatra after comparing the two).

When Adobe gets the reader fix in, I go back to using it as the
default (I have Acrobat 8.1 Standard on the system as well).
 
Mike said:
And as Adobe will not fix the problem immediately, now would be a good
time to dump Adobe Reader for Foxit, yes?
Click to expand...

If you're using Foxit, you may want to update that as well.

Foxit Reader V3.0 Build 1506 released March 9, 2009

Vulnerabilities Fixed:

* Fixed the issue of stack-based buffer overflow.

* Fixed the issue of security authorization bypass.

* Fixed the issue of JBIG2 Symbol Dictionary Processing

http://www.foxitsoftware.com/pdf/reader/security.htm

http://www.foxitsoftware.com/downloads/
 
Back
Top