I updated my copy of Adobe to the Beta for flash and got rid of one problem then stuck a PDF reader from another company on my machine and got rid of Adobe reader.
My experience with Adobe has been that _it_ is a security problem and a major pain in the butt. I don't like having to use their products. They need to get some new blood in among their coders or they are going to forfeit a lot of business which already seems to be true with flash. It is going by-bye.
Adobe today shipped a critical Reader/Acrobat patch to cover a total of 17 documented vulnerabilities that expose Windows, Mac and UNIX users to malicious hacker attacks.
The update, which affects Adobe Reader/Acrobat 9.3.2 (and earlier versions), includes a fix for the outstanding PDF “/Launch” functionality social engineering attack vector that was disclosed by researcher Didier Stevens.
As previously reported, Didier created a proof-of-concept PDF file that executes an embedded executable without exploiting any security vulnerabilities.
[ Hacker finds a way to exploit PDF files, without a vulnerability ]
The PDF hack, when combined with clever social engineering techniques, could potentially allow code execution attacks if a user simply opens a rigged PDF file.
According to Adobe, the newest version includes changes to resolve the misuse of this command.
We added functionality to block any attempts to launch an executable or other harmful objects by default. We also altered the way the existing warning dialog works to thwart the known social engineering attacks.
This Adobe Reader/Acrobat patch batch was originally scheduled for July 13, 2010.
More information on vulnerabilities fixed in the latest update, see this Adobe advisory.
