Acrobat Security Advisory
Andrew B.
08-17-2005, 10:11 AM
A weakness in Acrobat might allow a malicious PDF file to execute code. Adobe has updates to deal with this.
Adobe's Advisory (http://www.adobe.com/support/techdocs/321644.html)
Secunia's Advisory (http://secunia.com/advisories/16466)
terrie
08-17-2005, 02:35 PM
Well that sure was a pita and a half!
If you try and d/l the latest Reader version, only 7.0 is available so you *have* to download updates 7.01, 7.02 and 7.03 and then install them in sequence...
UGH!!!
Terrie
PS...thanks for the heads up...'-}}
Michael Rowley
08-17-2005, 02:55 PM
Terrie:
you *have* to download updates 7.01, 7.02 and 7.03
Don't you just accept Adobe's updates as they come? It's far better to, and possibly you already have 7.02. (They never tell you what the update is supposed to do though.)
terrie
08-17-2005, 03:35 PM
>>michael: Don't you just accept Adobe's updates as they come?
Nope...never, ever...it's just a personality quirk...I don't like automatic updates...I'm a do-it-yourself-make-it-as-difficult-for-yourself-as-possible person...'-}}
>>and possibly you already have 7.02.
No I didn't and the thing that was weird (as far as I'm concerned) is that I'd just d/l'd Reader about 3 days ago and installed it so I thought initially that it would be the most current version--sans this latest 7.03 patch--and it wasn't because the 7.03 patch wouldn't install until I'd d/l'd and installed .01 and .02...
Terrie
Michael Rowley
08-18-2005, 08:06 AM
Terrie:
I'd just d/l'd Reader about 3 days ago and installed it so I thought initially that it would be the most current version
They never are up to date, but Adobe notifies you if there are patches and asks you if you want to update. A. doesn't seem as slick as Microsoft, but then that has had more practice.
Michael Rowley
08-18-2005, 10:13 AM
Terrie:
but Adobe notifies you if there are patches
Well, it does eventually: on opening Acrobat 7 and choosing 'Check for updates', it tells me 'There is no update at this time'. Apparently Adobe is like Ms Kitt's Englishman, who takes his . . . time.
I've now downloaded Acrobat 7.0.3, though I don't know what an overrun is or why some villains are waiting to pounce if it happens.
terrie
08-18-2005, 12:49 PM
>>michael: They never are up to date, but Adobe notifies you if there are patches and asks you if you want to update.
I've got the notify turned off too...'-}}
Thanks...
Terrie
Michael Rowley
08-18-2005, 02:39 PM
Terrie:
I've got the notify turned off too
Perverse woman! Actually, I didn't mean 'you' literally, but 'one' (if one doesn't disdain notification).
terrie
08-19-2005, 12:25 PM
>>michael: Perverse woman! Actually, I didn't mean 'you' literally, but 'one' (if one doesn't disdain notification).
LOL!!! Got it...
I think one of the reasons that I don't like auto updating is that I worry about an update being done behind my back and then having system problems. If I apply updates manually, then *I'm* in control and aware of exactly what was done and if I have a problem afterwards I can at least narrow down the cause.
For example, I upgraded ZoneAlarm last week and then my shutdown time began to become longer and longer. On checking Event Viewer, I found an error (USERENV). Never having had that before, I suspected the new version of ZoneAlarm and sure enough that was the culprit. I uninstalled the new version and reinstalled the older version and have had no problems since.
Browsing round the ZoneAlarm forums afterwards, I discovered that others have had the problem and the recommended solution was to download UPHCLEAN from Microsoft.
However, Microsoft won't let you do the download until you run through its validation system--determining that your copy of Windows is valid. While validation is NOT activation (which I'm philosophically opposed to), it just pisses me off. I paid for my software, I registered it, and I'm *not* a thief and don't like the implication that I am. Of course the other thing is that I'd bet that the validation would not have proceeded from Netscape and that I'd have to be using IE which I *loathe*.
Sorry...I'm beginning to foam at the mouth...'-}}
Terrie
Michael Rowley
08-19-2005, 03:17 PM
Terrie:
I worry about an update being done behind my back and then having system problems
Not being a computer expert, I don't know how it functions anyway, but Adobe's 0.x updates are unlikely to upset anyone's system. The same cannot be said of its upgrades: when I switch off Internet Explorer I invariably get an Adobe error message to tell me that some Adobe file that I installed with Acrobat 7 hasn't worked. The file with the same name was installed with Acrobat 6.
I upgraded ZoneAlarm last week
When ZA asked you to? I did the same, and apart from being even more officious than ever, it's not giving me any trouble—but I don't look at things in Event Viewer, which is possibly why I can sleep so well.
Microsoft won't let you do the download until you run through its validation system
I've read about that, but haven't experienced it, possibly because a bundle of downloads for Windows is downloaded to my computer once a month, and I'm only asked if I'm ready to install them. I worry only when things don't work.
Andrew B.
08-20-2005, 06:36 AM
However, Microsoft won't let you do the download until you run through its validation system
I got a good laugh when I saw what Microsoft is doing. They are offering a free anti-spyware program now. But before you can install it, you have to let Microsoft install spyware on your computer that tells them about your system. IOW, the software doesn't simply check the box to see if it can install, it calls home and tells Microsoft about how your computer is set up.
Hugh Wyn Griffith
08-20-2005, 07:16 AM
Absolutely not my experience -- I ran check for updates in the Help menu of Acrobat Reader 7.02 and it listed 7.01, 7.02 and 7.03 plus some Photo album software as updates and I just downloaded 7.03.
I didn't double check but updates are usually cumulative and I'd expect it here when it seems to download and install a complete installation?
terrie
08-20-2005, 10:25 AM
>>michael: When ZA asked you to?
No--I have autoupdate turned off there too...'-}}
I was going to be doing some work on my sister's laptop as she's getting ready to get cable modem and I decided that I should install the latest version of ZA on her system but wanted to check it out on my system first as I've had problems with oddities in the past when installing a new ZA version--once burned, twice shy...'-}}
>> it's not giving me any trouble—but I don't look at things in Event Viewer, which is possibly why I can sleep so well.
LOL!!! After installing the latest ZA version, the "saving your settings" display when I shut down my system just hung there on the screen for too long so that's why I checked the Event Viewer. Having recently had to replace my 3 hard drives and my RAM, I'm a bit paranoid when things don't go as they normally should.
It's interesting that you aren't having problems with ZA--are you using the free version? I am...
>>I've read about that, but haven't experienced it, possibly because a bundle of downloads for Windows is downloaded to my computer once a month,
Your system is more than likely already validated...
Terrie
terrie
08-20-2005, 10:30 AM
>>andrewb: IOW, the software doesn't simply check the box to see if it can install, it calls home and tells Microsoft about how your computer is set up.
Yeah...exactly...grrrr!
Terrie
terrie
08-20-2005, 10:33 AM
>>hugh: I didn't double check but updates are usually cumulative and I'd expect it here when it seems to download and install a complete installation?
I thought it was weird that the .03 update wasn't cumulative...it wouldn't install--gave me an error message--as did the .02 update. It wasn't until I d/l'd and ran the .01 (and then .02) that I could install the .03 update. And as I mentioned, I'd just d/l'd and installed Reader a few days before...
Terrie
Michael Rowley
08-20-2005, 01:09 PM
Terrie:
It's interesting that you aren't having problems with ZA
I'm using the pro (paid for) version, but all the magazines say it's not worth bothering, since the free version is just as good. But since the last update, it's added an anti-spyware program, and in addition I get dire warnings when just about any program tries to do anything. It took me a while before I realized that you have to OK the action and tick a box so you don't get the warnings again for that program.
Your system is more than likely already validated
It probably is by now, as I've used the Windows notification system for a long time and went over to automatic downloads when I got a cable connexion to the Internet. I find that it's a pretty smooth operation—much better than the Microsoft Office downloading system, which isn't automatic.
I suspect that Microsoft isn't checking all Windows XP installations but only those situated in countries where you are reckoned to be mad to actually pay for Windows. I shouldn't be surprised if they have a lot of Mac installations in those countries too, and they're not installed on Mac computers made in California.
terrie
08-21-2005, 12:43 PM
>>michael: I'm using the pro (paid for) version,
That's why you're not having problems...it's the free version that's mucked up...
Terrie