Adobe Warns of Security Flaw in Reader 20
isusmiley writes "Adobe Systems Inc. issued a warning on its Web site Tuesday saying that the flaw affects only the Adobe Reader versions 5.0.9, 5.0.10, which were written for the Unix computer operating system. Adobe has since posted a fix for the vulnerability on its site, and a spokesman said Wednesday he was unaware of any security breaches resulting from the software flaw, which was discovered by the security defense firm IDefense, headquartered in Reston, Va."
Note (Score:3, Funny)
So much for 2005 being The Year Of AIX On The Desktop!
Oh good (Score:3, Interesting)
That's progress. Of a sort.
Re:Oh good (Score:3, Interesting)
Just remember... (Score:4, Informative)
I would also suggest lobbying the UN to have Javascript declared a crime against humantiy, but that might take longer to be effective.
Re:Just remember... (Score:1)
Re:Just remember... (Score:2)
Re:Just remember... (Score:1)
Re:Just remember... (Score:2)
I didn't know anyone (Score:2)
I'll see your flaw, and raise you DRM (Score:5, Interesting)
Two words: Show me .
Prove that the "flaw" exists. Just saying "Clicking on the whatchamacallit causes bad things to happen, please upgrade." isn't enough.
Show me that this isn't some FUD to force users to upgrade to a version that isn't riddled with the latest DRM that they "forgot" to put into those versions?
Show me that this version doesn't fix a vulnerability that exposes passwords in PDFs read with it.
Show me that this isn't more ass-covering by Adobe, again.
Until then, xpdf, gpdf and other non-Adobe variants are all working fine. Nothing to see here, move along.
A real flaw (Score:2)
I don't know whether you read the actual details of the flaw, or not. From your response, I doubt that you did.
Essentially, whenever Reader 5.0.9 or 5.0.10 opens a PDF file, it creates a randomly named duplicate in /tmp which can then be read by other users with the appropriate permissions, which makes it a local file disclosure vulnerability. When the file is closed in Reader, the duplicate created is then destroyed.
In addition to the recommended upgrade to version 7, there is a version 5.0.11 which ad
Re:A real flaw (Score:2)
So in version 7, I see that it creates the temp copy in RAM (mkstmp()), but now its vulnerable to be read in a much different way. On Hyperthreaded processors (i.e. multicore from Intel), since the processor itself has a shared cache, both cores need to be able to read fr
Re:A real flaw (Score:1)
Not a problem specific to Adobe...
I wish more OS's would do what Apple did (Score:1)
Apple has great PDF reading and generation that comes free with OSX so you don't have to use the Adobe Reader. It's so nice to have a simple fast loading pdf solution.
Adobe flaw (Score:1)
Acrobat alternative (Score:1)
Andy
Re:Acrobat alternative (Score:1)
Brevity is... (Score:2)
Most of us would have figured that one out.
37MB+ just to open PDFs (Score:1)
It's too bad what has become of Adobe. Bloatware + Spyware. It used to be a cool company.