Skip to Content

Acrobat vulnerability may affect Mac users

by Michael Rose Feb 20th 2009 at 10:30AM


As if the baked-in security issues weren't enough to deal with, Adobe has announced today that all versions since v7 of Acrobat and Acrobat Reader on all platforms -- including Mac OS X -- are vulnerable to an Javascript exploit that can crash Acrobat. [Correction, per The Register and Shadowserver the vulnerability is not in Javascript per se but the circulating exploits use Javascript to leverage the actual flaw. Thanks to Adam Engst for the heads-up.] The same approach could possibly give an attacker unrestricted access to the target system. More from Download Squad on the scope of the problem; Adobe and others are reporting that there are already exploits in the wild for this problem.

Mac users have, of course, a very solid option for handling PDF files other than Acrobat: Preview, installed on every Mac OS X machine. You can also turn off Javascript support in the Acrobat preferences to lock out exploits from proceeding beyond crashing the app to actually doing widespread damage.

To change the default handler for PDF files, select any PDF file in the Finder and then select Get Info from the File menu. Under the Open With section, select Preview.app and then click Change All.

View Tags

Related Stories

Categories

Security

As if the baked-in security issues weren't enough to deal with, Adobe has announced today that all versions since v7 of Acrobat and...
 

Add a Comment

Sign in »
*0 / 3000 Character Maximum

10 Comments

Filter by:
kevin

to clarify, why would anyone ever use Acrobat Reader? The Acrobat program, for creating PDFs, fine, but the reader is horrendous and not needed on OS X, Windows or Linux.

February 24 2009 at 9:57 AM Report abuse rate up rate down Reply
Nigel

For publishes, Acrobat Pro is good. But for the end user, Acrobat is the shiits. Preview I use to read PDFs, Acrobat Pro to make em.

February 20 2009 at 4:03 PM Report abuse rate up rate down Reply
scott

As a web developer I use Acrobat Pro every day for clients. I create lots of PDF files that need to be optimized & encrypted for the web. That being said I use Preview for reading PDF files I get.

February 20 2009 at 12:54 PM Report abuse rate up rate down Reply
chris.coff.eepor

I've been using skim for a while now

February 20 2009 at 12:40 PM Report abuse rate up rate down Reply
Tyler Whitworth

Well, I like Acrobat, it's nice and all and useful. However I avoid using it most of the time because it's just so slow compared to preview or Skim. As far as encrypting a PDF File goes, I believe the freeware program PDF Lab does a pretty good job at that. (as well as decrypting and a bunch of other cool stuff)

February 20 2009 at 12:39 PM Report abuse rate up rate down Reply
SlaunchaMan

Lots of people are commenting with things like "Why would you ever use Acrobat?"

Well, for one, what if you want to make an encrypted PDF? What if you - gasp - LIKE Acrobat?

Don't get me wrong, I hate it. I'm a Mac sysadmin who has to deploy it. But this is a lot like saying, "Why would you ever use Windows?" Sure, you can prefer Mac OS X or other UNIX-based systems, but if someone prefers Windows, hey, that's their right.

Anyway, to speak to the main point: Adobe software tries to be all things to all people. Heck, they even made Acrobat into a word processor. It's completely unsurprising that this would happen. I'm going to disable JavaScript in Acrobat on our systems until the security hole is fixed... or until the next flaw is discovered.

February 20 2009 at 11:42 AM Report abuse rate up rate down Reply
1 reply to SlaunchaMan's comment
bryan

I think for the average user, they're right, "Why would you ever use Acrobat?" 90% of users probably use 10% of the features.

But on top of things like encrypting a PDF, Acrobat Pro has tons of features that publishers, designers, and printers use on a daily basis, and many of them rely on the JavaScript engine built into Acrobat.

I work for a major publisher and a few months ago I got a survey from Adobe asking how much of an impact it would be if they were to remove certain features, including JavaScript and AppleScript support. I really hope Adobe fixes this vulnerability instead of seeing it as a reason to remove JavaScript support from Acrobat!

February 20 2009 at 12:18 PM Report abuse rate up rate down Reply
Lalizig

Shock. Bloatware has security flaws. Has anyone noticed that every new version is larger and larger? WHY would you ever use Acrobat anyway? Slightly better mark-up tools?

I have no sympathy for Acrobat users.

February 20 2009 at 11:01 AM Report abuse rate up rate down Reply
grifmusic

what? acrobat? what's that?

been using preview for years! sometimes Skim. they have different Mark Up tools.

February 20 2009 at 10:57 AM Report abuse rate up rate down Reply
dan

For anyone doing anything remotely grown up with PDFs I strongly recommend using Skim.

It's freeware and it's fantastic! Much better than Adobe's own effort.

February 20 2009 at 10:51 AM Report abuse rate up rate down Reply
Buy an ad here

Hot Apps on TUAW

Tweets

© 2012 AOL Inc. All Rights Reserved.