Is it time to leave insecure Adobe behind?

by Davey Winder on Apr 29th, 2009, 7:57 am

The bad guys of the IT business are always looking for the most effective ways to infect the innocent Internet user, and increasingly that means turning to commonly used web browser plug-ins such as Flash or PDF readers. A couple of years ago we were reporting critical vulnerabilities for all Adobe Flash platforms, and towards the end of last year there were reports of a critical vulnerability in Adobe Reader. Cue Jaws soundtrack: just when you thought it was safe to go back in the Adobe PDF water.

According to an official Adobe security warning "All currently supported shipping versions of Adobe Reader and Acrobat (Adobe Reader and Acrobat 9.1, 8.1.4, and 7.1.1 and earlier versions) are vulnerable" to another zero-day JavaScript vulnerability. That's all shipping versions on all platforms, including Mac and Unix users.

Adobe says that it "plans to provide updates for all affected versions for all platforms to resolve this issue" although it cannot currently say how long this will take other than to confirm it is "working on a development schedule for these updates and will post a timeline as soon as possible."

So what should you do in the meantime? Adobe recommends that in order to mitigate the issue, JavaScript should be immediately disabled in both Adobe Reader and Acrobat. Alternatively you could, of course, find another application for your Flash and PDF requirements which is less popular and not so attractive to the bad guys.

As Graham Cluley, senior technology consultant with security outfit Sophos says: "this is far from the first time that critical vulnerabilities have been found in Adobe's software, and there is growing concern that the vendor's dominant market share of the PDF reader market is proving extremely attractive for hackers hellbent on infecting as many PCs as possible."

That said, Adobe's track record is not as poor as, for example, Internet Explorer or even Windows itself when it comes to being a hit target for security exploits. As Mozilla has discovered, when lots of people move to your product it simply shifts some of that bad guy focus to your product.

Print News Story

Similar Threads

Vista remains insecure, argues Bill Pill creator in Windows Vista and Windows 7
Insecure string pickle in Python
why is this language so insecure? in PHP
Is it time to leave? in Geeks' Lounge

Comments on this News Story

Permalink

Apr 29th, 2009

Re: Is it time to leave insecure Adobe behind?

Adobe should have been left behind long ago. Their applications are much larger than needed, overlap functions - and generally attempt to take over a users computer, somewhat like a company from Redmond WA.

The Adobe of Illustrator and Photoshop early editions hasn't been around for a long time. Since John Warnock left, as a matter of fact.

rapper2

Newbie Poster

Offline

2 posts
since Apr 2009

Previous Thread in Graphics and Multimedia Forum Timeline: How to show image in place of swf if flash player is not installed in browser !

Next Thread in Graphics and Multimedia Forum Timeline: photo gallery template

DaniWeb Message

Cancel Changes

User Name
Password