Adobe fixes vulnerabilities in Reader

Adobe has released Adobe Reader and Acrobat versions 9.3.3 and 8.2.3 for Windows, Mac and Unix. The new versions fix several security vulnerabilities that allow attackers to compromise PCs with manipulated PDF documents. Users of Adobe Reader and Acrobat should install the updates as soon as possible to reduce the attack surface of their systems.

Google has also chosen a very interesting path: in future, Adobe Flash will be included in the browser, so that Flash updates are delivered with the automatic browser updates. The current developer builds also contain a stripped-down PDF reader that does not support, for example, JavaScript or the /launch command, which also protects against many PDF attacks. According to Google's Chromium Blog, they are also thinking about blocking outdated plugins in the future. From a security perspective, these are the right steps forward.

The Mozilla developers haven't been sleeping either. Just a few days after releasing Firefox 3.6.4, they already offer version 3.6.6. It fixes the timeout value for plugins running in the separate plugin-container.exe process: on slow computers, the old 10-second timeout led to plugins being reported as crashed while they were running just fine. Firefox now waits 45 seconds before considering a plugin crashed. When installing browser updates, Firefox now also checks automatically for some outdated plugins and offers to download and install updated versions.

Dirk Knop
Technical Editor