OT: Acrobat security hole

Or you can just change how it handles documents inside FF

Does not IE7 & IE6 both use the same code that has been around since IE4? If so IE7 is no better than IE5.

PeterD

Wouldnt have a clue...but the "experts" quoted in report said "Internet Explorer 6.0 web browser and earlier versions" so based on that IE7 is different. If IE7 was vulnerable wouldn't they have said so?
Cheers
Greg

Greg

On the other hand the article does not say IE7 is immune from those problems.

PeterD

The way I understand IE7 is immune. Copy and paste from article.

"They recommended that users protect themselves by upgrading Internet Explorer or changing Firefox's user options so the browser does not use the Acrobat plug-in."

Chris

Mike

Reading the page you linked us to - it appears that the problem is with Acrobat Readers prior to V8 rather than the browser you are using. In that case I do not think PDF Download will help without installing Reader V8.

PeterD

According to one report...

"Forrester researcher and security expert Natalie Lambert noted that users seeking to protect themselves can simply stop using Adobe's Reader -- although it's not likely they'll do so, she added. Acrobat has become not merely a convenience but a much-needed tool in many office settings.

Instead, defense-minded users can upgrade to Version 8, which Adobe released in early September.

"This is the ideal solution," she said, "but getting consumers and businesses to universally push these upgrades will take time."

This supports your comment Mike that upgrading to Acrobat Reader 8 is the thing to do...though I suppose we should get PeterD's opinion as his English comprehension is better than mine:)

Cheers
Greg

Greg - the Age article just said "by upgrading Internet Explorer" - they did not say whether by installing IE7 or by installing M$ updates. As I have seen articles that say that IE7 still uses the basic code of IE4 I doubt that IE7 will fix the problem.

Further to that, look at www.adobe.com/support/security/ - You will note that Adobe have given the same warning to Apple and Linux users. To me that confirms IE7 to be no better than the rest.

However the report also mentions "Exploitability depends on the browser and browser version being used." therefore there seems to be browsers that are not vunerable, with IE7 sounding like a contender :-)

Andrew

Have been reading Site Link on Yahoo News.

Here is a quote from near the bottom:

"After an initial analysis, Symantec said that the Adobe Reader XSS flaw works when Mozilla's Firefox 1.5 and Opera 9.10 browsers are used to view a malicious link, but that Microsoft's Internet Explorer 6 and IE 7 will both generate a JavaScript error when trying to open a PDF. Firefox 2.0, the most current version of the Mozilla open-source browser, also returns an error dialog, which reads "This operation is not allowed." "

PeterD

phew..downloaded about 20 PDF's today (not sure if it was via IE7 or MoziV2) - good to see both would have notified of a problem. Doesn't sound good for Mozilla Firefox 1.5 and Opera 9.10 users though.

Cheers
Greg