skip to main |
skip to sidebar
3:30:00 PM
valgeo
Adobe has ignored Linux users
while fixing critical memory-related bugs in its Reader. Adobe resolved
the issue for Windows and Mac OS X users leaving Linux users on their
own in a situation where researchers say that “potential attackers could
find enough clues to build an exploit by comparing the current Windows
version of Reader with the previous one.” One of the major concerns is
that Linux users running the patched versions of Adobe Reader contain 16
open security holes.
The warning was issued by
Internet search giant, Google, whose employees Mateusz Jurczyk and
Gynvael Coldwind initially examined the PDF engine of the Chrome browser
and discovered numerous holes. They then tested Adobe Reader and found
about 60 issues that triggered crashes, 40 of which are potential attack
vectors, according to the H Open report.
There is very little
that Linux users can do other than deleting the annots.api and
PPKLite.api plug-ins from the
/path/to/Adobe/Reader9/Reader/intellinux/plug_ins directory. This will
solve only two open security holes out of 16. According to the H Open
report, “The Google employees have recommended that users not to open
any PDF documents from external sources in Adobe Reader. Users can
protect themselves by disabling the Reader's browser extension which
allows the holes to be exploited with a simple visit to a specially
crafted Web page."
3:30:00 PM
valgeo
0 σχόλια:
Post a Comment