PDF In-Depth

EDITORIAL: Adobe Reader rollercoaster slows to a halt

January 11, 2007


After such headlines as "Adobe flaw may be 'worst' bug of 2007" scarcely a week into the new year, one could perhaps be forgiven for feeling a little nervous. As it turns out, however, this latest flaw now seems more like a falling acorn than a piece of sky.

Basically, Adobe's Reader browser plug-in leaves user systems vulnerable to attack from JavaScript-based malware via cross-site scripting (XSS). According to a January 8 Computerworld article, "...the flaw affects Adobe Reader and Acrobat Versions 7.0.8 and older running in the open-source Firefox browser, and Adobe 6.x and older versions running in Microsoft Corp.'s Internet Explorer." An attack exploiting the weakness could be crafted by appending the JavaScript to a Web link to any existing PDF file. Since the danger is in the link rather than the PDF document itself, even PDFs from trusted sources can be used in this way.

Sounds pretty scary, huh? Well, there are a few reasons that the problem now appears so much less imposing. For a start, the bug only occurs in quite unusual Web browser/PDF viewer combinations. The other point to note is that, due to the rarity of the vulnerable configurations, it's hardly worth the cost of the instant coffee they'd drink while coding for malicious programmers to write the appropriate malware in the first place.

In any case, the simplest fix for the issue is to upgrade to the latest version of the free Adobe Reader (version 8.x), which does not possess the flaw. Basically, that equates to peace of mind at the cost of a little bandwidth. For the users who are particularly attached to their older versions (e.g. those using a full version of Acrobat 7.08 or older), Adobe has pledged to release patches to nix the bug. In the interim, such users can adjust their browser preferences to prevent the Reader plug-in from opening within the browser.

Although the vulnerability is a dangerous one, it is only a potential problem and even then, it can only affect a very small percentage of users. I tend to agree with Duff Johnson that the flaw's dangers have been much exaggerated, although I wonder if it isn't more of a case of "Chicken-Little-itis" rather than a deliberate media beat-up.
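
Because the danger described above sits in the link rather than in the PDF, a mail gateway or Web proxy can screen links before anyone clicks them. The Python check below is an added example, not code from this editorial or from Adobe; it assumes the appended script shows up as a `javascript:` marker in the query or fragment of a link to a `.pdf` path (the editorial does not say which part of the link carries it), and its function names and sample links are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Whitespace and control characters are stripped before matching so that
# a marker split by an encoded tab or newline is still recognised.
_IGNORED = re.compile(r"[\x00-\x20]+")
# Assumption of this example: appended script is signalled by "javascript:".
_SCRIPT_MARKER = re.compile(r"javascript:", re.IGNORECASE)


def _fully_unquote(text, max_rounds=5):
    """Percent-decode repeatedly so double-encoded text is still inspected."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def is_suspicious_pdf_link(url):
    """True if the link targets a .pdf and carries script after the path."""
    parts = urlsplit(url.strip())
    if not _fully_unquote(parts.path).lower().endswith(".pdf"):
        return False
    appended = _fully_unquote(parts.query + "#" + parts.fragment)
    return bool(_SCRIPT_MARKER.search(_IGNORED.sub("", appended)))


def flag_links(urls):
    """Return the subset of links that should be blocked or reviewed."""
    return [u for u in urls if is_suspicious_pdf_link(u)]


# Constructed sample links (not taken from any real incident).
SAMPLE_LINKS = [
    "https://docs.example.com/annual-report.pdf",
    "https://docs.example.com/annual-report.pdf#page=4",
    "https://docs.example.com/annual-report.pdf#x=javascript:void(0)",
    "https://docs.example.com/Annual-Report.PDF?x=JaVaScRiPt%3Avoid(0)",
    "https://docs.example.com/annual-report.pdf#x=java%09script%253Avoid(0)",
    "https://docs.example.com/page.html#x=javascript:void(0)",
]

if __name__ == "__main__":
    for link in flag_links(SAMPLE_LINKS):
        print("suspicious:", link)
```

The check is deliberately conservative: it looks only at what follows the PDF path, so an ordinary link to the same trusted document passes untouched.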
