Forum Thread: New threat found in Adobe reader - not reported in Secunia

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
amhoyle New threat found in Adobe reader - not reported in Secunia
Member 27th Feb, 2009 03:14
Ranking: 1
Posts: 15
User Since: 7th Nov, 2008
System Score: N/A
Location: UK
Last edited on 27th Feb, 2009 03:14

New threat in Adobe reader acknowledged here on 19-02-09.
http://www.adobe.com/support/security/advisories/a...
This gives recommended action and expected date of patch availability.

Secunia PSI however is not yet reporting any threat category for Adobe Reader 9.

The flaw can allow PCs to be infected with a damaging 'Trojan' after downloading (or opening) a specially crafted PDF and there have been cases detected in the wild by Symantec.

Maurice Joyce RE: New threat found in Adobe reader - not reported in Secunia
Handling Contributor 27th Feb, 2009 21:47
Score: 12325
Posts: 9,575
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 28th Feb, 2009 00:10
They have indeed been working quite hard on the problem as far as they can go.

Details for all Secunia users to see is here:
http://secunia.com/blog/44/
and here:
http://secunia.com/advisories/

--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1809 Build 17763.404
16 GB RAM
IE & Edge Only
Was this reply relevant?
+0
-0
Bob_Primak RE: New threat found in Adobe reader - not reported in Secunia
Member 28th Feb, 2009 06:29
Score: 0
Posts: 45
User Since: 28th Feb 2009
System Score: N/A
Location: Hinsdale, Illinois, US
Last edited on 28th Feb, 2009 06:41
PC World reports that non-Adobe PDF Readers, such as my favorite, Foxit Reader, may not be vulnerable to these attacks. Details at:

http://www.pcworld.com/businesscenter/article/1600...

I personally would never allow any Adobe product on my computer, except that nothing performs as well as Flash Player for that purpose. Even with Flash Player, I am constantly running to Adobe for updates and each time I have to reset my Privacy Preferences for Flash Player. Find out about Adobe privacy controls and why you need to pay attention to them in this article from Gnash (a cookie detection utility company):

http://www.gnashdev.org/?q=node/62

That's why I would never trust anything from Adobe on my computer. Enough said?

The missing link is to the Adobe Flash Player Settings Manager Page:

http://www.macromedia.com/support/documentation/en...

These settings need to be reset from time to time, as Adobe keeps resetting them. And web sites seem to be able to override these settings if they pay for the privilege. Each user (account) needs to set its own Flash Player settings. Check in with this page frequently for maximum privacy.

-- Bob --

--
-- Bob --
Was this reply relevant?
+0
-0
Maurice Joyce RE: New threat found in Adobe reader - not reported in Secunia
Handling Contributor 28th Feb, 2009 14:33
Score: 12325
Posts: 9,575
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Bob,
Spot on with Adobe - complete bloatware. Interested to know what U think of Adobe Shockwave. Many PC's I fix have it installed. I have never been convinced it is really necessary.

--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1809 Build 17763.404
16 GB RAM
IE & Edge Only
Was this reply relevant?
+0
-0
puget1 RE: New threat found in Adobe reader - not reported in Secunia
Member 28th Feb, 2009 18:19
Score:
Posts: 612
User Since: 21st Dec 2007
System Score: N/A
Location: US
Last edited on 28th Feb, 2009 18:40
Just for my knowledge is this forum about clickjacking? That is why I too went to Foxit reader. However, as we all know Microsoft rules and from time to time overrides Foxit and will go to Adobe. Does anyone have a fix for that? I wondered how long it would take for the hackers to come after Adobe. If the threat is about clickjacking,have you tried "No Scripts" by Maone. Go to Hackademix.net for more info. Sorry,I don not want to uninstall Adobe as so much is directly connected to it. Oh,yea I just got the Secunia Advisory for the updates to Adobe 2-28-2009

--
Windows 10 64bit

There is No magic bullet in computing; only work a rounds.
















Was this reply relevant?
+0
-0
Bob_Primak RE: New threat found in Adobe reader - not reported in Secunia
Member 1st Mar, 2009 08:51
Score: 0
Posts: 45
User Since: 28th Feb 2009
System Score: N/A
Location: Hinsdale, Illinois, US
Last edited on 1st Mar, 2009 08:52
First, Shockwave has the same risks as Flash Player. The reason you never hear about problems is that very few videos these days are in the Shockwave format. VLC Player does not have these vulnerabilities, but has flaws of its own. Shockwave is completely unnecessary if you have an alternative player, and so is Flash Player with its privacy problems.

That having been said, I use both Shockwave and Flash Player. But I went to the Flash Player Settings Manager Page at Adobe and disallowed everything. Adobe still keeps resetting the settings, but only when I update something from them.

As for programs opening with Adobe Reader, or PDFs opening in Adobe Reader, I have completely removed Adobe Reader using Revo Uninstaller, and all the Associations are now opening with Foxit Reader. No problems with any PDFs.

Clickjacking is a different issue, and it is well addressed in Firefox 3 by using the NoScript Add-on.

--
-- Bob --
Was this reply relevant?
+0
-0
Alan_Baxter RE: New threat found in Adobe reader - not reported in Secunia
Member 1st Mar, 2009 09:01
Score: 0
Posts: 61
User Since: 1st Mar 2009
System Score: N/A
Location: US
on 1st Mar, 2009 08:51, Bob_Primak wrote:
That having been said, I use both Shockwave and Flash Player. But I went to the Flash Player Settings Manager Page at Adobe and disallowed everything. Adobe still keeps resetting the settings, but only when I update something from them.

Check out the BetterPrivacy extension for Firefox, Bob. I use it to automatically clean out the persistent Flash data, aka Flash cookies. I don't worry about the Flash settings anymore.
Was this reply relevant?
+0
-0
Bob_Primak RE: New threat found in Adobe reader - not reported in Secunia
Member 1st Mar, 2009 09:17
Score: 0
Posts: 45
User Since: 28th Feb 2009
System Score: N/A
Location: Hinsdale, Illinois, US
Last edited on 1st Mar, 2009 19:44
Nice catch. I didn't know about that one. But I don't mind going to Adobe's Settings Page -- I just have to remember to do it whenever I update. For Internet Explorer, there is no similar plugin, AFAIK.

--
-- Bob --
Was this reply relevant?
+0
-0
puget1 RE: New threat found in Adobe reader - not reported in Secunia
Member 1st Mar, 2009 13:46
Score:
Posts: 612
User Since: 21st Dec 2007
System Score: N/A
Location: US
Last edited on 1st Mar, 2009 13:49
Thanks,ALL will try the Adobe settings page.

--
Windows 10 64bit

There is No magic bullet in computing; only work a rounds.
















Was this reply relevant?
+0
-0
Bob_Primak RE: New threat found in Adobe reader - not reported in Secunia
Member 1st Mar, 2009 19:46
Score: 0
Posts: 45
User Since: 28th Feb 2009
System Score: N/A
Location: Hinsdale, Illinois, US
BetterPrivacy is great for Firefox. I just downloaded it and set it up. But there seems to be no similar plug in for Internet Explorer, so I guess I will still have to occasionally go to the Adobe Settings Page to clean up on those rare occasions when I have been using IE7.

--
-- Bob --
Was this reply relevant?
+0
-0

This thread has been marked as locked.