Do you remember a time when you knew your personal computer was safe from infiltration? There was a time when the only danger was from inserting a strange floppy disk. Nowadays, if you’re connected to the Internet every day brings a new threat.
This week’s big vulnerability announcement comes from Adobe and affects their Acrobat and Adobe Reader programs.
“This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited. There are reports that this issue is being exploited.
Adobe is planning to release updates to Adobe Reader and Acrobat to resolve the relevant security issue. Adobe expects to make available an update for Adobe Reader 9 and Acrobat 9 by March 11th, 2009"
Now, I’m a Adobe user and aside from their overzealous startup habits I’m a fan of Photoshop and the universal PDF format. Still, I’m having a hard time understanding how anyone could still release any code that is vulnerable to a buffer overflow attack. The technology and programming libraries exist so that only a programmer from the dark ages should allow this kind of behavior.
I don’t claim to be a perfect programmer but a company as big as Adobe should have a whole crew implementing best practices for their development team.
This is incredibly sloppy and I just don’t get it.
To make matters even worse, Adobe provides no guidance as how to prevent attacks. My advice is to disable any Adobe reader on your system.
If you’re a WinPatrol user, click on the ActiveX tab and sort by company name to find your Adobe components. Select the Acrobat reader and click on Disable.
If you’re not a WinPatrol user you can protect yourself by opening up Acrobat or Adobe Reader and disable Javascript from within that application. You should find it under the Edit menu -> Preferences. You can uncheck the box in front of “Enable Acrobat Javascript”.
It may also be a time to replace your default PDF file reader with a new one. I’m sure some of my readers can comment on what they find is the best alternate for Acrobat so stop back for more information.
0 comments:
Post a Comment