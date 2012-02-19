from the 42 dept.
Submitted via IRC for Bytram
Adobe Fixes 43 Critical Acrobat and Reader Flaws
Adobe issued patches for 43 critical vulnerabilities in Acrobat and Reader – including a fix for a zero-day flaw that researchers at 0patch temporarily fixed on Monday. That bug could enable bad actors to steal victims’ hashed password values.
Overall, Adobe patched 75 important and critical vulnerabilities across its products, including Acrobat Reader DC, Adobe Flash Player, Adobe Coldfusion, and Creative Cloud Desktop Application. The Tuesday morning patches are part of Adobe’s regularly-scheduled security updates.
Adobe said it is not aware that any of these vulnerabilities are being actively exploited.
Adobe Acrobat and Reader by far had the most vulnerabilities (71 overall) – 43 of which were dubbed critical severity.
(Score: 4, Informative) by opinionated_science on Tuesday February 12, @11:50PM (4 children)
rm -fr /usr/bin/acroread
(Score: 2, Insightful) by Anonymous Coward on Wednesday February 13, @12:26AM
Exactly. Talk about too little too late.
Die in a fire Adobe,
(Score: 3, Informative) by stretch611 on Wednesday February 13, @10:20AM
del C:\Program Files\Adobe\Reader\acroread.exe
After all, no self respecting linux/unix person still uses Adobe Products. While the original post would likely work on Mac, many of those users are even less likely to know even how to even get a command prompt compared the windows crowd.
(Score: 1, Funny) by Anonymous Coward on Wednesday February 13, @10:26AM
Isn't rm -rf more idiomatic? For a second I thought you were deleting France.
(Score: 2) by DannyB on Wednesday February 13, @03:10PM
No need to take such drastic action. This is 43 bugs down, leaving only ten billion remaining to be fixed.
ALL LIABILITY IS EXPRESSLY DISCLAIMED FOR PERSONAL INJURY OR DEATH THAT RESULTS FROM READING THE SOURCE CODE.
(Score: 3, Funny) by bob_super on Wednesday February 13, @01:11AM (1 child)
While I do appreciate how my supplier can send me 3D models in PDF form, it's mind-boggling that Adobe manages to insert so many critical bugs in something that should be primarily a document reader/editor.
How do the annual numbers compare to MS Office ?
(Score: 1, Informative) by Anonymous Coward on Wednesday February 13, @03:11AM
https://www.cvedetails.com/product/921/Adobe-Acrobat.html?vendor_id=53 [cvedetails.com] vs https://www.cvedetails.com/product/320/Microsoft-Office.html?vendor_id=26 [cvedetails.com]
(Score: 0) by Anonymous Coward on Wednesday February 13, @01:44AM (2 children)
It's time for adobe to die a quiet death while we remember them fondly for introducing to the world a format better than .doc but for whom did not finish their quest
(Score: 1, Insightful) by Anonymous Coward on Wednesday February 13, @06:18AM
They finished the quest with PDF/A, but even then they couldn't stop and now there are 4 versions of that as well.
(Score: 2) by DannyB on Wednesday February 13, @03:19PM
It was time for Adobe to DIE DIE DIE back when the Dmitry Sklyarov [wikipedia.org] incident occurred in 2001-2002. People tend to forget. But this was so unbelievably outrageous that everyone needs to remember.
Executive Summary:
* Adobe sells its eBook system
* proclaims how secure it is
* security researcher comes to US to present findings at a conference
* exposes how naively weak Adobe's eBook security truly is
* along with a tool that provided ample proof
* because he is Russian, Adobe calls FBI
* evil hackers who tell the truth must be stopped
* he is arrested, passport taken away, kept in the US for six months away from his family and recently born son
* Adobe continues to aggressively push this
* because Adobe can't stand the truth
Despicable. Adobe.
But people forget.
Prior to this, there was a slashdot story about an Adobe eBook, which was a children's bedtime story. It was so ridiculously locked down in terms of permissions, that the eBook would inform the user that no permission was given to read this book aloud. Great idea for a children's book. Stupid idea for any book. Why can't a book be read aloud? What kind of dystopia are we living in?
ALL LIABILITY IS EXPRESSLY DISCLAIMED FOR PERSONAL INJURY OR DEATH THAT RESULTS FROM READING THE SOURCE CODE.
(Score: 2) by aristarchus on Wednesday February 13, @08:13AM (2 children)
These bastards had a PhD student arrested for showing publicly how hosed their tech was.
The day after he gave a talk at the hacker conference, a Russian software engineer is arrested by the FBI for allegedly cracking e-book security. [cnet.com]
I would not trust them as far as I could throw a Sony rootkit.
Seriously, anyone trusting Adobe for anything is seriously compromised already. Do not trust Adobe. Adobe is the bad actor. The only corporation I hate more than Microserft is Adobe. Adobe sucks donkey balls. Adobe is worse than Flash, especially Adobe Flash Player. Adobe once raped my dog. #FreeSklyarov!!!!
#Free{nick}_NOW!!!
(Score: 2) by stretch611 on Wednesday February 13, @10:29AM (1 child)
Its funny how it appears that you think that Adobe and Flash are separate companies, in spite of you referring to flash as "Adobe Flah Player."
As for your poor dog, it has been more than once; and how come you blame Adobe even though you are the one with all the dog scratches on your genitals the next morning?
(Score: 2) by DannyB on Wednesday February 13, @03:30PM
Long ago, I was a classic Mac developer and Apple fanboy. In about August 1987 I attended a MacWorld in Boston. I saw this amazing product called VideoWorks II [wikipedia.org]. With it you could create animations and color. It was amazing what could be done with it. And you have to remember this was 1987. Where a really good machine had 8 MB of memory (not GB) and maybe about 20 MHz clock speed.
Time passes. Things move on. I'm a Linux guy. I gradually become a Web developer. Looking at lots of technologies.
Flash. Interesting, but requires a proprietary extension in the browser. Not exactly Linux browser friendly at that point.
I discover that Flash or Shockwave, whatever they call it at this early point, is basically the technology of VideoWorks II. Packaged as a developer side tool, and a browser extension playback. Later on Flash gains vastly greater capability and general programmability. But it started out that way. I don't know any actual details of how this came to be, by acquisition or whatever.
I can see why someone might see Adobe and Flash as separate companies. At some point the technology, and/or company was acquired by Adobe.
ALL LIABILITY IS EXPRESSLY DISCLAIMED FOR PERSONAL INJURY OR DEATH THAT RESULTS FROM READING THE SOURCE CODE.
(Score: 0) by Anonymous Coward on Wednesday February 13, @04:20PM
I hate when Adobe Flash player tries to sneak Mcafee antivirus on your computer by default. I guess their thinking is that they can use the antivirus to offset the fact that their software is such a vulnerability? But the thing is Mcafee itself is more of a vulnerability and system hog than it is a security benefit to your system.