Attack of the PDFs

TalkBack 1 of 57:: Next »

Thread View
Flat View

Adobe's misleadingly broken 7.0.x updater: So, so far there's no fix for anything earlier than version 8.0. (And BTW have you read Adobe's wording in their release about this? It says that the update "may be installed" over 8.0. As a technical writer, I can tell you that that's weasel-wording; it signals to me that Adobe may well not have fully tested whether or not the update for 8.l.1 actually fixes 8.0.) And so in Acrobat 7.0.9 Professional, when I check for updates, I'm shown a list that indicates that updates are available for 7.0.5, 7.0.7, 7.0.8, and 7.0.9.

So I install the update for 7.0.9, which ultimately requires that I reboot my system. After I do so, and I again check for updates, *I see the same list*.

I have 7.0.9; I shouldn't see updates for earlier versions. I install the update for 7.0.9; I shouldn't see it again.

The broken 7.0.x updater will lull many who check now that they are getting an update that addresses this vulnerability when they're not.

At this point, not having a vulnerability POC site I can go to check whether the fix works, what I'd like to know is this: Since the most recent install of a program that associates a give filetype or filetypes with itself generally grabs associations from existing apps, have I provisionally protected my dopey Acrobat 7.0.9 intallation from automatic IE-vectored drive-bys if I install Acrobat Reader 8.1.1? If so, I should be able to get into trouble with 7.0.9 only if I manually open a PDF file with it.

Or so I imagine.; Posted by: dpnewkirk Posted on: 10/23/07 You are currently: a Guest | Members login | Terms of Use

Reply to Story Reply to Message

Alert moderator to an offensive message

Subscribe to this discussion via Email or RSS

Adobe's misleadingly broken 7.0.x updater dpnewkirk | 10/23/07

Reason 4,534 not to use Windows (NT) DarthRidiculous | 10/23/07

re:Reason 9,129,837.exe NOT to use Winblows (nt) n0neXn0ne | 10/23/07

Use Foxit Reader osreinstall | 10/23/07

yep The_Curmudgeon | 10/24/07

Yes there is. osreinstall | 10/24/07

UNINSTALL Adobe Acrobat and get Foxit Reader zookeeperz@... | 10/26/07

Not completely osreinstall | 10/26/07

Great, nice alternative! thx-1138_@... | 10/27/07

You're Welcome osreinstall | 10/27/07

Reason 4,534 to run as a standard user account PB_z | 10/24/07

Amen! ttocsmij | 10/24/07

Sort of like what Linux does . Intellihence | 10/24/07

another reason to use the UAC . qmlscycrajg | 10/24/07

What about shared folders? JCitizen | 10/24/07

again Linux is safe Linux Geek | 10/24/07

Nothing is safe! GovTech | 10/24/07

Except for Mac OS Geotopia | 10/24/07

There are crackers out there alaniane@... | 10/24/07

Well ,,, Intellihence | 10/24/07

It's not "absolut security"... Resuna | 10/24/07

thanks ttocsmij | 10/24/07

I appologize if I ever called you a hacker.. JCitizen | 10/24/07

Since when thammr | 10/24/07

Ya know... Wolfie2K3 | 10/24/07

Re: Ya Know kordoniss@... | 10/25/07

RE: Attack of the PDFs chris.copp@... | 10/24/07

Source of IP Address Geotopia | 10/24/07

PDF attack cassam | 10/24/07

Excuse me... SpikeyMike | 10/24/07

Ignorance sure is bliss my friend . Intellihence | 10/24/07

Umm...pretty sure they already know wolfsouls | 10/24/07

Internet "slut" is safe SteveMak | 10/24/07

No Safety in Numbers jmika@... | 10/24/07

wrong assumption SpikeyMike | 10/24/07

Internet Junkie chromeronin | 10/24/07

Ach! ttocsmij | 10/24/07

Or better yet, itpro_z | 10/24/07

My friend the majority of Windows users are not like you . Intellihence | 10/24/07

Wisdom indeed arowe@... | 10/25/07

"Block the delivery of PDF files in email"?? denisdubois | 10/24/07

knee jerk ttocsmij | 10/24/07

Burnt Offerings tsmit13@... | 10/24/07

RE: Attack of the PDFs kathi@... | 10/24/07

RE: Attack of the PDFs flotsam70 | 10/24/07

RE: Attack of the PDFs addar@... | 10/24/07

another reason to use the UAC qmlscycrajg | 10/24/07

RE: Attack of the PDFs crawdad2k | 10/24/07

RE: Attack of the PDFs dave@... | 10/24/07

You'd think they could... Wolfie2K3 | 10/24/07

Very good points! thx-1138_@... | 10/25/07

FOXIT READER page.jason@... | 10/24/07

What enemies? jeanjaz | 10/24/07

Exactly kyussmondo | 10/25/07

Blacklist dave@... | 10/29/07

Sorry dave@... | 10/29/07

Wow John Musbach | 11/14/07

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Dell Helps Medical University of South Carolina Bring the Intelligent Classroom to Life Dell Established in 1824, Medical University of South Carolina (MUSC) is one of ... Download Now
Leveraging SMB ERP for an Economic Recovery ZDNet Times are tough but better days are sure to follow. In the wake of an ... Download Now
Get top-ranked Novell support for Red Hat when you switch Novell If Linux is going to power your mission-critical applications, you'd ... Download Now

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

SmartPlanet

Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
More from IBM
How to Drive Better Business Outcomes with Exceptional Web Experiences Download the eBook
Driving Business Agility through SOA Connectivity & Integration Read the White Paper from IBM
Linking Decisions and Information for Organizational Performance Read the Tom Davenport study

Read the original story

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

SmartPlanet

Blogs

Product Reviews

Videos

White Papers and Webcasts

Downloads

More

ZDNet News & Blogs

Product Reviews

Product Blogs

White Papers & Webcasts

Downloads