Security Holes Found in Adobe Reader

BrandiCandi · Aug 20, 2012

http://www.h-online.com/open/news/i...obe-Reader-particularly-on-Linux-1668153.html

On its August Patch Day, Adobe has fixed numerous critical memory-related bugs in Reader for Windows and Mac OS X – but has chosen to overlook Linux users. The researchers who discovered the holes now fear that potential attackers could find enough clues to build an exploit by comparing the current Windows version of Reader with the previous one. This would leave Linux users defenceless. On top of that, even the patched versions still contain a total of 16 open security holes.
...
The Google employees therefore recommend that users refrain from opening any PDF documents from external sources in Adobe Reader. Those who use a browser other than Chrome can protect themselves by disabling the Reader's browser extension. The extension allows the holes to be exploited with a simple visit to a specially crafted web page.

Windows users who still use version 9 of Reader have been advised to upgrade to Adobe Reader X, because this version contains a sandbox that makes exploiting the holes more difficult.
Click to expand...

This seems a bit FUD-ish. Has anyone analyzed this bit of news?

edit: reading the comments on the article seem to indicate that the malicious pdfs would only execute in Windows (unless you've got Wine), so it's not the concern to Linux users as it is made out to be.

ronjor · Aug 20, 2012

Posted here. https://www.wilderssecurity.com/showthread.php?t=330318

Log in or Sign up

Security Holes Found in Adobe Reader

BrandiCandi Guest

ronjor Global Moderator

Log in or Sign up

Security Holes Found in Adobe Reader

BrandiCandi Guest

ronjor Global Moderator

Useful Searches