Comments on: Security Updates for Adobe Acrobat, Reader http://krebsonsecurity.com/2010/06/security-update-for-adobe-acrobat-reader/ In-depth security news and investigation Sat, 11 Feb 2012 19:29:31 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Tim Rowe http://krebsonsecurity.com/2010/06/security-update-for-adobe-acrobat-reader/comment-page-1/#comment-10093 Tim Rowe Wed, 15 Sep 2010 19:01:59 +0000 http://krebsonsecurity.com/?p=3851#comment-10093 The link about launcing external applications says "If your organization relies on this capability, we recommend that the functionality be re-enabled", but I can't find out how to do that :-( The link about launcing external applications says “If your organization relies on this capability, we recommend that the functionality be re-enabled”, but I can’t find out how to do that :-(

Like or Dislike: Thumb up 0 Thumb down 0
]]> By: Kevin http://krebsonsecurity.com/2010/06/security-update-for-adobe-acrobat-reader/comment-page-1/#comment-7336 Kevin Fri, 02 Jul 2010 20:12:05 +0000 http://krebsonsecurity.com/?p=3851#comment-7336 Since the update to 9.3.3 I've received an error message stating ""This application has failed to start because lsapiw32.dll was not found. Re-installing the application may fix this problem." Other reports of the same problem are cropping up on the Adobe community site at: http://forums.adobe.com/message/2942744#2942744 Since the update to 9.3.3 I’ve received an error message stating “”This application has failed to start because lsapiw32.dll was not found. Re-installing the application may fix this problem.”

Other reports of the same problem are cropping up on the Adobe community site at:
http://forums.adobe.com/message/2942744#2942744

Like or Dislike: Thumb up 2 Thumb down 0
]]> By: GG http://krebsonsecurity.com/2010/06/security-update-for-adobe-acrobat-reader/comment-page-1/#comment-7313 GG Fri, 02 Jul 2010 03:13:58 +0000 http://krebsonsecurity.com/?p=3851#comment-7313 Another nuisance updating Acrobat reader -- the process registers multiple programs for execution at PC boot. My startup monitor traps those and asks for confirmation -- which I generally refuse. They're usually unnecessary program fast-start stubs which bog the machine down and clutter the boot process. Install/update processes should indicate which boot registrations are optional (e.g., for program fast start) and which are required to complete the install/update.

Another nuisance updating Acrobat reader — the process registers multiple programs for execution at PC boot. My startup monitor traps those and asks for confirmation — which I generally refuse. They’re usually unnecessary program fast-start stubs which bog the machine down and clutter the boot process. Install/update processes should indicate which boot registrations are optional (e.g., for program fast start) and which are required to complete the install/update.

Well-loved. Like or Dislike: Thumb up 4 Thumb down 0
]]> By: ted http://krebsonsecurity.com/2010/06/security-update-for-adobe-acrobat-reader/comment-page-1/#comment-7286 ted Thu, 01 Jul 2010 15:56:25 +0000 http://krebsonsecurity.com/?p=3851#comment-7286 I might use chrome as my pdf reader and firefox as my web browser. I might use chrome as my pdf reader and firefox as my web browser.

Like or Dislike: Thumb up 2 Thumb down 1
]]> By: george http://krebsonsecurity.com/2010/06/security-update-for-adobe-acrobat-reader/comment-page-1/#comment-7284 george Thu, 01 Jul 2010 10:42:32 +0000 http://krebsonsecurity.com/?p=3851#comment-7284 I've tried to, but they rejected me on the ground that I provided an email address with a free provider (Yahoo). Point one: They could have specified somewhere during application process a free email account is not accepted. Point two: Technically the email account provided by my employer is not mine and I cannot risk exposing it to any spam. Plus I lose access to it once I change jobs. Even directly downloading the .exe file as suggested by Brian and other Internet sources still pushes on you the Adobe Download Manager when updating to 9.3.3. For me this was the last drop, on some computers I own I switched to Foxit, on others to GhostScript/GhostView. I'm extremely happy with both. I hope for their own sake Adobe is listening and will act sometime on the complaints, their ReaderI used to love in versions 3.X to 6.X becomes a typical example of bloatware. Thank you, Brian for standing up to this, your voice should certainly weight a lot for software vendors, especially when their products are lately preferred vectors for virus infection. I’ve tried to, but they rejected me on the ground that I provided an email address with a free provider (Yahoo).
Point one: They could have specified somewhere during application process a free email account is not accepted.
Point two: Technically the email account provided by my employer is not mine and I cannot risk exposing it to any spam. Plus I lose access to it once I change jobs.
Even directly downloading the .exe file as suggested by Brian and other Internet sources still pushes on you the Adobe Download Manager when updating to 9.3.3. For me this was the last drop, on some computers I own I switched to Foxit, on others to GhostScript/GhostView. I’m extremely happy with both. I hope for their own sake Adobe is listening and will act sometime on the complaints, their ReaderI used to love in versions 3.X to 6.X becomes a typical example of bloatware. Thank you, Brian for standing up to this, your voice should certainly weight a lot for software vendors, especially when their products are lately preferred vectors for virus infection.

Like or Dislike: Thumb up 2 Thumb down 0
]]> By: TJ http://krebsonsecurity.com/2010/06/security-update-for-adobe-acrobat-reader/comment-page-1/#comment-7277 TJ Wed, 30 Jun 2010 23:42:18 +0000 http://krebsonsecurity.com/?p=3851#comment-7277 Google's adding a native (i.e., not a plug-in) PDF Reader to its Chrome browser. http://www.pcmag.com/article2/0,2817,2365366,00.asp Google’s adding a native (i.e., not a plug-in) PDF Reader to its Chrome browser.

http://www.pcmag.com/article2/0,2817,2365366,00.asp

Like or Dislike: Thumb up 0 Thumb down 0
]]> By: Al http://krebsonsecurity.com/2010/06/security-update-for-adobe-acrobat-reader/comment-page-1/#comment-7269 Al Wed, 30 Jun 2010 19:29:16 +0000 http://krebsonsecurity.com/?p=3851#comment-7269 Regarding the blocking of PDFs launching external applications, see this post from Adobe: http://blogs.adobe.com/adobereader/2010/06/adobe_reader_and_acrobat_933_a.html Look for the title "PDF "/Launch" Functionality Social Engineering Attack Update" toward the end of the post for a description of the change. Regarding the blocking of PDFs launching external applications, see this post from Adobe:
http://blogs.adobe.com/adobereader/2010/06/adobe_reader_and_acrobat_933_a.html
Look for the title “PDF “/Launch” Functionality Social Engineering Attack Update” toward the end of the post for a description of the change.

Like or Dislike: Thumb up 3 Thumb down 0
]]> By: Al http://krebsonsecurity.com/2010/06/security-update-for-adobe-acrobat-reader/comment-page-1/#comment-7268 Al Wed, 30 Jun 2010 19:23:43 +0000 http://krebsonsecurity.com/?p=3851#comment-7268 Adobe Reader 9.3.3 has one more important change to it besides fixing the outstanding security flaws. Previous version of Adobe Reader 9.3.2 and earlier allowed a PDF to open an external application. After the 9.3.3 patch, if you open a PDF that attempts this, a message is displayed telling you what application that the PDF tried to launch and that (opening the application) "This is currently disallowed by your system administrator.” Prior to 9.3.3, you had to uncheck the “Allow opening of non-PDF attachments with external applications” option in Edit - Preferences - Trust Manager to prevent this potentially dangerous feature.

Adobe Reader 9.3.3 has one more important change to it besides fixing the outstanding security flaws.
Previous version of Adobe Reader 9.3.2 and earlier allowed a PDF to open an external application. After the 9.3.3 patch, if you open a PDF that attempts this, a message is displayed telling you what application that the PDF tried to launch and that (opening the application) “This is currently disallowed by your system administrator.”
Prior to 9.3.3, you had to uncheck the “Allow opening of non-PDF attachments with external applications” option in Edit – Preferences – Trust Manager to prevent this potentially dangerous feature.

Well-loved. Like or Dislike: Thumb up 8 Thumb down 0
]]> By: Chris http://krebsonsecurity.com/2010/06/security-update-for-adobe-acrobat-reader/comment-page-1/#comment-7264 Chris Wed, 30 Jun 2010 15:20:36 +0000 http://krebsonsecurity.com/?p=3851#comment-7264 You link to me to the installation file for 9.3.0 to get the upgrade .msp for 9.3.3 go here: http://ardownload.adobe.com/pub/adobe/reader/win/9.x/9.3.3/misc/AdbeRdrUpd933_all_incr.msp You link to me to the installation file for 9.3.0 to get the upgrade .msp for 9.3.3 go here: http://ardownload.adobe.com/pub/adobe/reader/win/9.x/9.3.3/misc/AdbeRdrUpd933_all_incr.msp

Like or Dislike: Thumb up 1 Thumb down 1
]]> By: Joe http://krebsonsecurity.com/2010/06/security-update-for-adobe-acrobat-reader/comment-page-1/#comment-7263 Joe Wed, 30 Jun 2010 13:59:27 +0000 http://krebsonsecurity.com/?p=3851#comment-7263 Check out PDF-Xchange Viewer (free) from http://www.tracker-software.com/ Pluses are tabbed interface, typewriter mode (type over the top of a document, mark it up, "fill-in" a non-form), save your markup and filled-in forms, and pocket version that can run from a shared folder - update in one place for all your users. Check out PDF-Xchange Viewer (free) from http://www.tracker-software.com/

Pluses are tabbed interface, typewriter mode (type over the top of a document, mark it up, “fill-in” a non-form), save your markup and filled-in forms, and pocket version that can run from a shared folder – update in one place for all your users.

Like or Dislike: Thumb up 3 Thumb down 0
]]>