Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Adobe Finally Fixes Remote Launch 0-Day

kdawson posted more than 4 years ago | from the stay-safe-out-there dept.

Security 82

Trailrunner7 sends in this excerpt from Threatpost (Adobe announcement here): "Adobe today shipped a critical Reader/Acrobat patch to cover a total of 17 documented vulnerabilities that expose Windows, Mac, and Unix users to malicious hacker attacks. The update, which affects Adobe Reader/Acrobat 9.3.2 and earlier versions, includes a fix for the outstanding PDF '/Launch' functionality social engineering attack vector that was disclosed by researcher Didier Stevens. As previously reported, Didier created a proof-of-concept PDF file that executes an embedded executable without exploiting any security vulnerabilities. The PDF hack, when combined with clever social engineering techniques, could potentially allow code execution attacks if a user simply opens a rigged PDF file." Relatedly, Brian Krebs blogs about the downsides of Adobe's increasingly Byzantine update process.

Sorry! There are no comments related to the filter you selected.

It's not a 0-day anymore.... (4, Insightful)

snowraver1 (1052510) | more than 4 years ago | (#32737356)

Why is every unpatched exploit a 0-day attack? Wouldn't this be more like a multi-month exploit?

Re:It's not a 0-day anymore.... (1)

spazdor (902907) | more than 4 years ago | (#32737380)

I logged in to ask exactly this.

If a company patches 0-day exploits, their dev team is really on top of shit.

Re:It's not a 0-day anymore.... (1)

Monkeedude1212 (1560403) | more than 4 years ago | (#32737532)

If a company patches 0-day exploits, their dev team is really on top of shit.

Or bumbling GENIUSES. Since the definition of a 0-day exploit is a vulnerability the developers don't know about.

Re:It's not a 0-day anymore.... (1)

spazdor (902907) | more than 4 years ago | (#32737624)

Nah, 0-day remains 0-day throughout the first ("zeroth") day in which it's released. So if the devs can get a patch out the door the same day that the exploit is first disclosed in public, it counts.

Re:It's not a 0-day anymore.... (1)

Monkeedude1212 (1560403) | more than 4 years ago | (#32738060)

I don't know of any company that has managed to do that though. In most cases, they are aware of the exploit at least a day before patching it. I mean, I can't imagine finding a solution, implementing it, and fully testing it in under 24 hours. I CAN imagine finding a solution, implementing it, and pushing it out, but that's dangerous.

Re:It's not a 0-day anymore.... (2, Informative)

tomhudson (43916) | more than 4 years ago | (#32738340)

Not so hard to do with web platforms, where "pushing it out" means changing a file or two on a server.

Of course, we've seen (here on slashdot) what happens when you try to do that too often ... but most of us have probably been in a situation where we're told to shell into the box and manually edit a file "right now!!!" with a best-guess way to stop something from being a problem, even if it's only to disable certain functionality temporarily while you work out a real fix.

Re:It's not a 0-day anymore.... (3, Informative)

Darkness404 (1287218) | more than 4 years ago | (#32737410)

Because its an attack out in the wild that the developers didn't know about and before a patch can be shipped.

Was it ever a 0-day? (1)

SanityInAnarchy (655584) | more than 4 years ago | (#32738472)

I only saw a proof-of-concept. Have people actually been exploiting this?

Re:Was it ever a 0-day? (1)

drinkypoo (153816) | more than 4 years ago | (#32743294)

I only saw a proof-of-concept. Have people actually been exploiting this?

Further, there are 24 hours from first disclosure to the end of when you can call it a Zero-day exploit. But I think that you still get to call it a Zero-day exploit after days have passed.

Re:Was it ever a 0-day? (1)

chrisG23 (812077) | more than 4 years ago | (#32745362)

Yes. If you do a google search for CVE-1297 (going from memory here, the CVE number might be off (CVE's are the numbering scheme used by the Mitre organization. One of the things they do is publish details on exploits/vulnerabilities as they happen, and security people use them as a reference point)) zero day you will find some analysis that was done on a pdf found in the wild.

Re:It's not a 0-day anymore.... (-1, Troll)

Anonymous Coward | more than 4 years ago | (#32737422)

Obligatory [goatkcd.com]

Re:It's not a 0-day anymore.... (0)

Anonymous Coward | more than 4 years ago | (#32739144)

that is evil

Re:It's not a 0-day anymore.... (0)

Anonymous Coward | more than 4 years ago | (#32737560)

IIRC, the /Launch functionality was in the PDF specification. So that would make this a "multi-year" or "was-there-all-the-time-just-no-one-cared-until-recently" vuln.

Re:It's not a 0-day anymore.... (5, Funny)

vawarayer (1035638) | more than 4 years ago | (#32737584)

Details in the PDF file attached to this e-mail.

Re:It's not a 0-day anymore.... (0, Redundant)

Jacked (785403) | more than 4 years ago | (#32737684)

I thought that was pretty funny. I don't have any mod points, so I'll just leave this reply, instead.

Re:It's not a 0-day anymore.... (1)

mcgrew (92797) | more than 4 years ago | (#32743130)

When I got up this morning and fired up the little netbook, I got a message saying that Adobe had an update -- but the thing wasn't even on the internet; there were no local wifi signals this morning.

I wonder if it's really the patch, or if the Adobe bug let someone in my box? I dread internet security updates, and wish that, with software I've paid for at least (not free stuff like PDF readers) they'd snail mail a CD to me.

Re:It's not a 0-day anymore.... (3, Informative)

Skuld-Chan (302449) | more than 4 years ago | (#32737782)

The difference is how much warning you get. Most of the security bugs Adobe fixes are found internally (you'll never hear about those - unless it greatly affects product functionality), and even those told to them externally by 3rd party researchers they usually get a several month lead time.

Zero day bugs are where some guy says "surprise look what I found" on his blog without any warning despite how long a bug takes to fix.

Re:It's not a 0-day anymore.... (3, Informative)

grcumb (781340) | more than 4 years ago | (#32738366)

Zero day bugs are where some guy says "surprise look what I found" on his blog without any warning despite how long a bug takes to fix.

No, zero-day exploits are are... (wait for it) actively exploited in the wild before the first 'look what I found' ever appears.

Re:It's not a 0-day anymore.... (1)

Skuld-Chan (302449) | more than 4 years ago | (#32738834)

Isn't that kinda what I said?

Re:It's not a 0-day anymore.... (2, Insightful)

lennier (44736) | more than 4 years ago | (#32739414)

Nope. Exploitation and disclosure are two completely different things.

If you've found an unpatched exploit and you're a black hat, are you going to blog to the whole world about it? Or quietly add it to your botnet kit without telling anyone?

If the second, it's a 0-day. No warning, no defense, no lead time, just blam, click the wrong web page, read the wrong email, or open the wrong PDF and you're rooted without knowing it.

Re:It's not a 0-day anymore.... (1)

grcumb (781340) | more than 4 years ago | (#32739428)

Isn't that kinda what I said?

No, that's kinda what you implied, but you left the door open for people to infer that you also meant that a zero-day was when a researcher announced a potential exploit without warning anyone else.

Re:It's not a 0-day anymore.... (1)

TangoMargarine (1617195) | more than 4 years ago | (#32737912)

Yes, I wish every exploit could just be called an exploit (sans "zero day" in front of everything) unless it's specifically 1) a vulnerability the company has chosen not to fix, or 2) a vulnerability some guy somewhere knew about but hadn't used in order to keep it valuable. It's like if we were to start calling Microsoft Office "Microsoft Office for Windows" incessantly. It's assumed, unless you're specifically on a Mac or running it in WINE or something.

I'm pretty sure. Amiright?

It is 0 day but Adobe isn't sane so... (1)

Ilgaz (86384) | more than 4 years ago | (#32738884)

Normally, a "0 day attack" accompanied with some black background, text like html page occuring means

1) Company doesn't take it serious and demonstrates their own case or explains why it is non issue for 99.9% (of course, add to fix list)

2) Company takes it serious (sends out an emergency hotfix which may remove functionality and not very tested but, it works until real thing ships)

As Adobe took it serious but didn't ship a God damn ".bat" file (yes, ms-dos .bat is enough) to remove the component which isn't actually used you got confused.

It is indeed a 0 day but, Adobe isn't a sane company anymore.

Re:It's not a 0-day anymore.... (0, Troll)

tanikaray24 (1845162) | more than 4 years ago | (#32741444)

Thank you all so much for your comments and support http://www.baiyokefactory.com/ [baiyokefactory.com]

fp (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#32737388)

First pwnst

Still I don't know (-1, Troll)

s122604 (1018036) | more than 4 years ago | (#32737478)

What was the impact of this on an (otherwise) fully patched ubuntu machine, running flash, but not acrobat(not installed), in a non-admin account.
I have used my ubuntu machine at home to look at several questionable flash based websites in the last few weeks and want to know if I should format and re-install

Re:Still I don't know (2, Funny)

The MAZZTer (911996) | more than 4 years ago | (#32737566)

At first I thought you were just clueless, then I realized you were just a troll, now I'm just confused.

Re:Still I don't know (0, Troll)

s122604 (1018036) | more than 4 years ago | (#32737614)

Clueless (about this), not a troll, I truly just don't know.

If I have flash plugins installed, but not acrobat, and I did my browsing in an account without admin privileges, how vulnerable would I have been?
If you can't answer, perhaps you are clueless as well?

Re:Still I don't know (1)

Teun (17872) | more than 4 years ago | (#32737778)

You are clueless, what does Flash have, except the brand name Adobe, in common with Acrobat Reader?

Anyhow, would this have been a Flash vulnerability it could have affected the account you work in.

Re:Still I don't know (1)

mcgrew (92797) | more than 4 years ago | (#32744164)

He's trying to be funny. Not sure if he's succeeding (I was up late last night and my cerebral cortex is malfunctioning this morning).

Re:Still I don't know (2, Informative)

xie (722634) | more than 4 years ago | (#32737604)

You would have to be running pre-10.1 version of flash first. Then the exploit would have to force your system to execute code that was written for *nix. Since Windows is the majority of the market I doubt anyone has taken the time to write such code for this exploit. I think your safe. :)

Re:Still I don't know (1)

Teun (17872) | more than 4 years ago | (#32737832)

Doh! What does an Acrobat Reader vulnerability have to do with Flash?

Re:Still I don't know (3, Informative)

lgw (121541) | more than 4 years ago | (#32738158)

Apparantly, the same vulnerability existed in both products (Flash was patched a couple of weeks ago). I'm not sure how that works - I thought this was the vulnerability inherent in the PDF spec (Foxit had a patch out the same week this was disclosed).

Re:Still I don't know (1)

s122604 (1018036) | more than 4 years ago | (#32738664)

Thank you for the kind explanation

I still don't understand why I was modded down to troll, twice
my question wasn't intended to offend/inflame anyone, but apparently it did

Re:Still I don't know (1)

ThatsNotPudding (1045640) | more than 4 years ago | (#32742598)

Apparently, the same vulnerability existed in both products (Flash was patched a couple of weeks ago). I'm not sure how that works

Because both were built upon the same solid Adobe bedrock of swiss cheese, spaghetti code, and apathy.

Re:Still I don't know (1)

lgw (121541) | more than 4 years ago | (#32747886)

I think it's mostly the apathy. PDF was really great when it was new, and really was a page description format not a web portal. Far beteter than sending ps files to the printer when it took 10 mintues per page just to send the bits. Adobe pisses me off so much because they used to be genuinely innovative and useful.

Re:Still I don't know (0)

Anonymous Coward | more than 4 years ago | (#32743850)

Apparently you aren't as smart as you think you are, asshole

Re:Still I don't know (1, Insightful)

Anonymous Coward | more than 4 years ago | (#32737728)

Don't get fooled into thinking a non-admin account is safe. Sure, unless you're root they probably can't set up a mail server, but check out all the files in your Documents directory. See anything the has financial information? Maybe a password list (encrypted or not)? How about email, do you store it on your computer? Do you use your browser to access any useful websites like email or banking sites? If you create a dummy account with highly restricted access (ie, you know what you're doing) you can protect yourself pretty well. Running a VM you never use for anything important is even better. Being complacent and thinking they'll never write a virus for Linux is a recipe for disaster (Google Gentoo malware, Unreal IRC malware, etc. and see how malware made it into REPOSITORIES let alone can be installed as a trojan).

Re:Still I don't know (1)

LordLimecat (1103839) | more than 4 years ago | (#32739796)

Sure, unless you're root they probably can't set up a mail server,

Whys that exactly? Does opening sockets require admin now?

Re:Still I don't know (1)

Dog-Cow (21281) | more than 4 years ago | (#32740070)

In Unix, for port 25? Yes.

Re:Still I don't know (1)

Tim C (15259) | more than 4 years ago | (#32741092)

But since when did a botnet node's mail server have to listen on port 25?

Re:Still I don't know (1)

Achromatic1978 (916097) | more than 4 years ago | (#32741388)

Why would a botnet node be running a mail server?

For spam, it could receive encrypted email through an RPC or other socket, and run an SMTP client.

Seriously, I think the first RBL check 99% of mail servers out there do is for "is originating SMTP server on a dynamic or residential connection".

Re:Still I don't know (1)

sitharus (451656) | more than 4 years ago | (#32737784)

As this is an issue in Adobe Acrobat and Adobe Reader and you don't have either of them installed, you're not affected by this bug. It's very hard for software you don't have installed to cause problems.

There are other bugs in Flash though, they may cause problems, but this isn't one of them.

Re:Still I don't know (1)

chill (34294) | more than 4 years ago | (#32742410)

As this is an issue in Adobe Acrobat and Adobe Reader and you don't have either of them installed, you're not affected by this bug.

Would that this were so. One of the issues was with the PDF spec itself. Other PDF tools, such as Fox-It, were affected as well and patched recently.

Re:Still I don't know (1)

Monkeedude1212 (1560403) | more than 4 years ago | (#32737950)

I have used my ubuntu machine at home to look at several questionable flash based websites in the last few weeks

Well... Umm... You see, this fix has nothing to do with Flash, it's entirely in Adobe Reader...

But... Perhaps you should do a scan just in case. I'm not sure how questionable the sites you visit actually are, but if they are half as questionable as the sites I visit, you probably caught Erectile Dysfunction or something from just looking at it.

Re:Still I don't know (1)

mcgrew (92797) | more than 4 years ago | (#32745010)

Check your email, I'm sure you can find some cheap v1agra.

Another PDF reader (1, Informative)

Anonymous Coward | more than 4 years ago | (#32737522)

Missing from the summary is gsview. It makes a very secure pdf reader that works on windows, although it certainly isn't anything nice to look at. Uses ghostscript for the backend.

I don't get it... (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#32737524)

Why do people still use pieces of trash like Opera or Firefox or Chrome when Microsoft has shown that IE9 is the most HTML5 compliant browser out there [microsoft.com] . This paired with IE9's unparalleled record of security means that the only people still using these "alternative browsers" are ideologues or Loonix faggots.

Re:I don't get it... (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#32737656)

I am disapproving payment for that post, too trollish and way to obvious.
Three more like that and we will have to review your employment agreement.

Re:I don't get it... (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#32737826)

Sorry, Linus. I didn't mean to let down the Linux Foundation.

Re:I don't get it... (1)

colinrichardday (768814) | more than 4 years ago | (#32738724)

I didn't see any MathML tests, and Firefox supports MathML rather well.

The Microsoft Word of PDF viewers (5, Informative)

MacCoder (1800034) | more than 4 years ago | (#32737600)

For the 90% of us who don't require all the minutiae of functionality and cruft which Adobe Reader offers, there are options. Obviously Mac folk are covered by Apple's built in Preview, but on Windows, Sumatra PDF is amazing and ridiculously small. It's better than Foxit, in my opinion, for barebones PDF viewing in Windows. Check it out! http://blog.kowalczyk.info/software/sumatrapdf/index.html [kowalczyk.info]

Re:The Microsoft Word of PDF viewers (1)

MobileTatsu-NJG (946591) | more than 4 years ago | (#32737828)

Seconded. I use a portable version of it found at portableapps.com. We've found that to be friendly at places that don't let you have admin access to your machine for things like installs.

Thanks, but no thanks. (1)

mapuche (41699) | more than 4 years ago | (#32737938)

Thanks for the link. Comparing some documents side by side between Foxit and SumatraPDF, Sumatra rendering has some issues with gamma and images. Text rendering is a little better in Foxit. I can live with the yellow blank starting page, though.

Re:Thanks, but no thanks. (1)

drinkypoo (153816) | more than 4 years ago | (#32743522)

SumatraPDF fills a nice niche. If you hardly ever use Windows, it is sufficient for most purposes (occasional PDF viewing.) I have three windows systems which I use for gaming and stuff like that (e.g. a netbook which runs streets and trips; there's no good Linux navigation software.) They all have SumatraPDF and I've never been unable to read anything I've opened with.

It has long since gotten to the point where PDF is easier to deal with on Linux than Windows. Especially since if you really have to, you can run acroread, but there are so many valid competitors that I haven't needed to in years.

Re:The Microsoft Word of PDF viewers (1)

FinchWorld (845331) | more than 4 years ago | (#32738012)

I've always had issues with sumatra, it seems to render some datasheets incorrectly, every now and again it'll consume 100MB+ ram, though that goes away when closing reopening pdfs, but most annoying is it'll happly stretch and print landscape documents on portrait (though you told it not too) and create several megabyte files to send to the xerox (which it really doesn't like).

Im having better look with foxit, even if it isn't as light weight.

Re:The Microsoft Word of PDF viewers (3, Interesting)

lgw (121541) | more than 4 years ago | (#32738212)

Sadly, my employer has chosen a payroll provider (ADP) that requires Adobe Reader specifically to view paystubs. Foxit won't work, nor will any of the other options (apparantly Acrobat has some stupid web toolbar option that's beyond PDF). Why would anyone do that? Now when I need to see my paystub I have to download 200MB of Adobe cruft, then later uninstall it along with Adobe Download Manager and a bunch of other crap that Adobe stuffs in along the way. Man, I hate Adobe these days.

Re:The Microsoft Word of PDF viewers (1)

laptop006 (37721) | more than 4 years ago | (#32740048)

Mine uses ADP as well, but Evince on Linux works fine for me.

Re:The Microsoft Word of PDF viewers (1)

tehcyder (746570) | more than 4 years ago | (#32743528)

Wouldn't it be easier just to get them to print it out and post (snail mail) it to you?

Re:The Microsoft Word of PDF viewers (1)

lgw (121541) | more than 4 years ago | (#32747852)

That doesn't seem to be an option. Having them printed out and sent to the receptionist for hand distribution didn't fill me with joy.

Re:The Microsoft Word of PDF viewers (1)

glwtta (532858) | more than 4 years ago | (#32738636)

I'm not seeing how it's better than Foxit. Rendering seems to be slower, for one thing. And the minimalist tool bar is great and everything, but having the zoom control buttons accessible in one click is handy (or to put it another way, hiding them in a menu is annoying). No tabs, either.

Re:The Microsoft Word of PDF viewers (1)

Zadaz (950521) | more than 4 years ago | (#32740156)

Ever since Google put a PDF reader in Chrome it's been all I need for most things. Simple, fast, no cruft.

(To use it you need the dev version of Chrome. To enable it go to chrome://plugins/ and click on "Enable" for the "Chrome PDF Viewer" plug-in.)

Any good reader for Win98? (1)

UBfusion (1303959) | more than 4 years ago | (#32750908)

Thanks for bringing up Sumatra - do you happen to know any good pdf viewer for windows 98? (I tried Foxit 2.x but it's buggy as hell in win98).

I Uninstalled Adobe Reader (1)

puppetman (131489) | more than 4 years ago | (#32737702)

after reading the summary and the Brian Krebs blog. I realized that Adobe is shipping a buggy, risky piece of software.

I installed Foxit Reader (minus the Ask.com search bar)..

It seems much snappier, and is significantly smaller.

Re:I Uninstalled Adobe Reader (3, Informative)

Skuld-Chan (302449) | more than 4 years ago | (#32737804)

It's not like Foxit is completely without security flaws either.

Re:I Uninstalled Adobe Reader (4, Informative)

Skuld-Chan (302449) | more than 4 years ago | (#32737818)

And doing just a bit of research - Foxit only fixed this exact same bug 2 weeks earlier than Adobe.

Re:I Uninstalled Adobe Reader (0)

Anonymous Coward | more than 4 years ago | (#32738696)

The Krebs article has several inaccuracies, at least for 9.x (can't remember for 8.x):

- There is no need to update from the Adobe web site unless you're upgrading major versions. Acrobat.com is a trivial opt-out (wish it was opt-in instead, but no way would Adobe do that). I don't know of any way to apply patches (MSP files) like 9.3.3 via the Adobe web site, except by navigating (eventually) to the list of available downloads, which few end-users would ever need to do.

- I don't recall any check for a "security scanner or a toolbar", and I would know if I were forced to install that crap, because I despise that kind of thing. I assume it was an easy opt-out at worst.

- The user doesn't have to download the Adobe Download Manager. It is installed with any "full" installation of Adobe Reader, and it updates itself automatically when run.

- Adobe provides the software for free, and he wants to bitch about ads in the new Updater? I don't like the ads either, but it's not unreasonable for a commercial company to try to get some business off a free product. It's not like they pop-up in the middle of reading a PDF, it's just during an update (although guaranteed to be frequent due to all the security problems).

- He's right that Adobe Reader is at 9.3.0, but he's wrong about needing one update for 9.3.3. It actually needs two patches, because the 9.3.3 patch only installs over 9.3.2. So the 9.3.2 patch must be applied first (it installs over 9.3.0 & 9.3.1). The new Updater might streamline that now, but it hasn't been able to do so in the past.

- The user doesn't have to wait "a minute or two for the Reader Update icon to appear in the Windows taskbar". The user can easily check for updates via a menu entry, just like current versions of Firefox, FileZilla, and a host of other apps. If they don't, the Updater will remind them (from the taskbar), unless the user has disabled update checking.

He's right to complain about the reboots, though. It's basically a file viewer - patches shouldn't require a reboot unless some plug-in portion of it is loaded in a browser or other running application. The reboot requirement is ridiculous.

Some of his other complaints are reasonable, but if Krebs is this sloppy with something as simple as Adobe Reader patches, I think I'll be skipping his blog.

- T

P.S.: The captcha was "rectum". No shit.

Re:I Uninstalled Adobe Reader (1)

ozphx (1061292) | more than 4 years ago | (#32739860)

I did this. I also uninstalled Java after getting pwned by that crap that breaks out the sandbox and manages to set your proxy to loopback before crapping on about all the "viruses" you are infected with.

Seriously only going to use addins that run in-process now - at least I slightly trust the CreateRestrictedToken API that IE8/Chrome use for tab processes.

MSP installer (4, Informative)

darthservo (942083) | more than 4 years ago | (#32738046)

The MSP Installer [adobe.com] is also available for those who may use Adobe Reader in silent installs/updates.

Side rant: Why does Adobe still only offer the unpatched versions of Reader on their front page?

Re:MSP installer (1)

jo42 (227475) | more than 4 years ago | (#32739086)

In the past, we delivered Adobe Reader updates as full installers or patches (for instance, 9.x = full installer, 9.x.y = patch). The Adobe Reader Download Center at http://get.adobe.com/reader [adobe.com] always offers the most recent full installer of Adobe Reader, which is currently Adobe Reader 9.3. After installation, the Adobe Reader Updater will automatically check and offer the latest patches to keep end-users up-to-date (as of today, the latest patch is Adobe Reader 9.3.3).

What a bunch of incompetent ass clowns. They can't even offer up a downloaded-able 9.3.3 install yet. You have to do it in two stages. If I was running the show, the people that crapped out this dung-pile would be looking for work tomorrow morning.

Re:MSP installer (1)

Jesus_666 (702802) | more than 4 years ago | (#32742262)

What do you expect? This is Adobe we're talking about. Their name has been translating to "half-assed software development" for the last couple years.

Re:MSP installer (0)

Anonymous Coward | more than 4 years ago | (#32742514)

Can't? Or won't, so that you have to install their "Download Center", "Reader Updater" and all that other unnecessary crap?

:( multi-step update (1)

Arakageeta (671142) | more than 4 years ago | (#32738370)

Ugh. I just updated on my Mac running 10.6.4. It looks like Adobe is still distributing Reader 9.3.0 as the default distribution package. I had to download/install this version and then apply individual patches for 9.3.1, 9.3.2, and finally 9.3.3. Annoying.

Perhaps it would have been easier had I updated from within Reader?

Worse on 10.5.8/PPC (1)

Ilgaz (86384) | more than 4 years ago | (#32738818)

This time, whatever these idiots did, the jump from 9.3.0 to 9.3.3 doesn't work at all. It may have something to do with the idiotic "repair adobe pdf viewer" plugin dialogue, which has no title and opens at background, unclickable.

Idiots (hopefully they read) still install Adobe Updater to Utilities but they were lazy to feed it with data so, the dedicated (and working) Updater doesn't work too. Of course, it is still added to launchd per user schedule.

Man how worse you can get? I mean, I am not like those "Use Preview" guys, I actually hate that Quartz shell and I am in process of uninstalling all traces of Acrobat on my entire network for the first time since 1994. You should be glad you run Intel Mac, I actually have 10.4.11 and "Classic" emulating capability. Just yesterday, I launched the Classic/Adobe Reader (5) and was ashamed on behalf of them. That was some real cool, quality software on Mac it seems.

A user uninstalling and giving up Adobe Reader for the first time since 1994, I hope they will lay off Apple/Mac developer team first while going down.

Thank God Apple has some kind of X11 and I actually plan to use kpdf or even xpdf on this Mac Mini which has special needs (connected to 720P).

IMHO they should pray Steve Jobs doesn't have Adobe Reader on his system.

is this distributed through windows update? (1, Funny)

Anonymous Coward | more than 4 years ago | (#32738436)

is it? oh shit

Thanks for the fix, adobe (0, Offtopic)

eudaemon (320983) | more than 4 years ago | (#32739220)

I appreciate they probably had some QA to do in order to release this puppy and it took a while, but I loaded Evince [gnome.org] , un-installed flash and called it a day. If you can't see it on youtube using their HTML 5 beta [youtube.com] then that's a real good time to boot up Linux even if it's just in Xen [xen.org] or Oracle/Sun Virtualbox [virtualbox.org] running on Windows. It works just fine for web browsing and less zero day exploits.

Horray! (1)

Zadaz (950521) | more than 4 years ago | (#32740132)

It's been nearly a week since I updated Reader! About time for another download install and unnecessary reboot!

Every single time Reader/Acrobat updates it resets its self as the default viewer. That's completely inappropriate behavior, especially for a 'security update'. (And no, I can't uninstall it. Job requires proofing PDF in Reader just like all my poor clients.)

I saw/overheard this in a bar recently (seriously):
Girl: So where do you work?
Guy: Adobe.
Girl: Oh yeah, you're the guys always asking me to update and reboot. *walks away*

Re:Horray! (1)

Tteddo (543485) | more than 4 years ago | (#32743384)

Hah! I had a client tell me about a problem with the font size on their website (it's already dynamic, set at 1em). His proof was that the person that complained worked for Adobe. Yeah, you know that Reader thing that bugs you all the time? That's Adobe.

Adobe, stop forcing restarts (1)

scdeimos (632778) | more than 4 years ago | (#32740198)

When using ExitWindowsEx() at the end of your patch install, don't use the damned EWX_FORCE flag. It doesn't even give users enough time to respond to the "Save? Yes/No/Cancel" dialogs popping-up before the applications are kill -9'd and users lose all their unsaved data.

Re:Adobe, stop forcing restarts (1)

butlerm (3112) | more than 4 years ago | (#32748828)

If the Windows developers had a clue, they would make it so that application developers could update their software without requiring a reboot much of the time. Reboot intervals should be measured in years, not hours.

The Windows mandatory file locking scheme is brain damaged. Windows filesystems need to support a mode where a file can be replaced (Unix style) without disturbing people who currently have a file open for read only access (like running executables, for example).

About freakin time (1)

hesaigo999ca (786966) | more than 4 years ago | (#32742936)

It's about time, however there are still a few more exploits that have not been addressed....until these have been fixed too, i am sticking to fox it pdf reader....

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?