|
MS-DEFCON 2:
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it.
|
-
0day attack in Adobe Reader – again
Posted on December 16th, 2009 at 21:46 10 commentsYet another 0day PDF attack is making the rounds. If you open an infected PDF file, and you’re using Adobe Acrobat Reader, your PC can get taken over.
Adobe confirms that 0day, but doesn’t offer much help. SANS Internet Storm Center is following the outbreak in real time.
The sky isn’t falling, but you shouldn’t open a PDF file attached to an inbound email message unless you’ve written to the sender and confirmed that they intended to send you a PDF. Even then you shouldn’t open it unless you trust the sender to be savvy enough to not be spreading around infected files.
No word yet on whether Foxit is similarly afflicted. (Many of you know that I don’t put Adobe Reader on my machines; I only use Foxit.)
10 responses to “0day attack in Adobe Reader – again”
-
Does this also effect full Standard and Professional versions of Adobe Acrobat? Or is it just a Reader issue?
-
rc primak December 17th, 2009 at 00:45
It’s a bit soon to see whether Foxit Reader follows suit with Adobe Reader to issue a security update, as they are usually a week or two behind. But as of today, no reports or updates regarding Foxit (I just checked). I will post again if this changes.
-
Daisy -
Yes, in the sense that if you use Standard or Professional to open a PDF file, you can get bit.
-
@woody & @rc primak:
It does not seem that the recent 0day security flaw affects Foxit Reader software.
Here’s the site to report any security vulnerabilities in Foxit Software.
-
Thanks, EP.
Good news, indeed for those of us who use Foxit Reader instead of Adobe Reader.
-
rc primak December 23rd, 2009 at 16:03
Foxit Reader did in fact issue an update recently. Get it.
-
Are you sure, rc primak? the latest Foxit Reader “update” was released back on November 26, 2009 – version 3.1.4 build 1125 as noted on the Foxit Reader downloads page. Don’t know what you’re talking about, silly rc primak. A recent update would or should have been released in December, NOT in November.
At least those who use Sumatra PDF Viewer are NOT affected by the 0day PDF security flaw. One forum member confirmed it here.
No probs, Woody. You may also want to try out Sumatra PDF Viewer, a light weight PDF file reader that starts up faster than Adobe Reader and Foxit Reader.
-
UPDATE: Adobe is scheduled to release updates to Adobe Reader to fix the 0day PDF attack problem on January 12, 2010 as noted on Adobe’s blog.
-
rc primak December 30th, 2009 at 12:30
EP —
In December 2009, I did get a notice in my Foxit Reader Updater that there was a new updated to the main program. I don’t know why you did not get the notice. I applied the update, but it was over some minor issue, not a big security issue, as I recall. My version is also 3.1.4.1125, but it came to me in mid-December. The official date stamp may vary.
-
rc primak December 30th, 2009 at 12:34
EP —
Your version of Foxit Reader is the same as mine. But my last update came down in mid-December 2009. Maybe I did no updating of Foxit Reader for awhile, hence the difference. Could have been the November update, in which case, Foxit Reader has not reported any response to the sort of security problem currently facing Adobe Reader. We shall see.
Leave a reply
-
Support AskWoody.com
Click on this list to get
Woody ’s books at Amazon.com
- Windows 7 All-In-One For Dummies
- Green Home Computing For Dummies
- Windows Vista All-In-One Desk Reference For Dummies
- Windows Vista Timesaving Techniques For Dummies
- Windows XP All-In-One Desk Reference For Dummies
- Windows XP Timesaving Techniques For Dummies
- Windows XP Hacks & Mods For Dummies
- Windows Home Server For Dummies
- Special Edition Using MS Office 2007
- Special Edition Using MS Office Home & Student 2007
- Special Edition Using MS Office 2003
- Office 2003 Timesaving Techniques For Dummies
- Special Edition Using MS Office 2003, Student-Teacher Edition)