Adobe Read X1 security flaws
In a recent issue of Computer Active, I noticed that you had released a patch for eight security flaws discovered in Adobe Reader. I tried to apply this fix via Computer Active's suggested link, but could not. I have checked Adobe Reader X1 on my computer but the help just says there are no updates. Could you please advise me where to find the fix in order that I may ensure my system is not at risk.
Thanks.
You can get the latest version of Reader for your OS here: Adobe - Adobe Reader download - All versions
Similar Messages
-
Adobe acknowledges critical security flaw in software...
Link to BBC article:
http://news.bbc.co.uk/2/hi/technology/10257411.stm
Adobe says the vulnerability potentially enables hackers to take control of affected computer systems.
Users running Windows, Macintosh or Linux might all be open to attack.
The company is working to fix the problem. In the meantime, users of Reader, Acrobat and Flash are advised to ensure their anti-virus software is up to date.
My antivirus software? God forbid... Is this some new kind of FUD?
What other sources have you found - perhaps even with more detailed info?You can install the release candidate of flashplugin 10.1, I just changed the version and download url from the PKGBUILD in my abs tree and it seems to work. This version should not be vulnerable to the security flaw, according to the adobe site.
pkgname=flashplugin
_licensefile='Reader_Player_AIR_WWEULA-Combined-20080204_1313.pdf'
pkgver=10.1.rc7
pkgrel=1
pkgdesc='Adobe Flash Player'
url='http://get.adobe.com/flashplayer'
arch=('i686')
depends=('mozilla-common' 'libxt' 'gtk2' 'nss' 'curl')
replaces=('flashplugin-beta')
provides=('flashplayer')
license=('custom')
source=('http://download.macromedia.com/pub/labs/flashplayer10/flashplayer10_1_rc7_linux_060210.so.tar.gz'
"http://www.adobe.com/products/eulas/pdfs/${_licensefile}")
build() {
install -d -m755 ${pkgdir}/usr/lib/mozilla/plugins/ || return 1
install -m755 ${srcdir}/libflashplayer.so ${pkgdir}/usr/lib/mozilla/plugins/ || return 1
install -d -m755 ${pkgdir}/usr/share/licenses/${pkgname}/ || return 1
install -m644 "${_licensefile}" ${pkgdir}/usr/share/licenses/${pkgname}/LICENSE.pdf || return 1
md5sums=('e4cb4d26124605a54c3d498cc440368f'
'1636037610ee2aa35c5fb736a697b7e0')
Edit: I just made it so it works on my 32 bit system, 64 bit users will need to change the download url and md5sum.
Last edited by Ramses de Norre (2010-06-08 17:23:39) -
Adobe Reader bypasses "secure print" settings when printing from IE add-on
We have the IE add-on for Adobe Reader enabled (Internet Explorer 9), and we've found that for some people this is causing PDFs to get printed without the "secure print" option, even though the print dialog shows it. Our printer settings all have the setting enabled for "secure print", which requires you to enter a PIN on the printer before the print job will be released. When printing PDFs from Adobe Reader (currently 11.0.3, but I couldn't see anything in the release notes for .4, .5. or .6 that are relevant) outside of IE, secure print works fine, but when it's opened within the Adobe Reader plugin for IE, the secure print setting is enabled but the print job gets sent to the printer without the PIN requirement... somehow.
I'm completely stumped by it, and didn't even believe it until I saw it myself.
Does anyone know what might be working differently when a PDF is printed from the add-on than when it's printed by a 'full' instance of Adobe Reader?
On an affected PC, if you disable the add-on, the PDF opens in that full instance and works normally, so it's very definitely related (somehow) to the add-on specifically.Hey,
I have been advised against monitor calibration, and I'm assuming if all of my other products have come back correct in terms of colour I see on screen that it should be ok?
the person that told me about the Adobe workspace has the same printer, but she works in Photoshop, and had someone set it up for her. She tried to help over phone, but is difficult as we have different versions of Adobe software, and it was a while since she had it done.
My workspace is currently in RGB, so would you suggest working in CMYK?
If I have my workspace set to Adobe RGB (1998) should I then be changing my printer profile to the same one?
I've attached the colour setting screen shot, I've not done anything to change this.
I think I need the setting on bottom image set to 'colour sync' is that right?
I'm also not sure about the relative colourimetric option. When at art college, I was always told to print in perceptual, but not sure which is best option here. -
Adobe Reader document security properties miss-match
Hi,
I've created a document with document assembly allowed and form filling diss-allowed. Infact it's security bitmap mask is:
011011011100 or -2340
So you can clearly see that:
bit 9 is off, signifying form filling is NOT allowed
bit 11 is on, signifying document assembly IS allowed
Problem is I'm seeing this in adobe reader:
So my questions:
Why is there an inconsistency between the two dialogs?
Why in the first dialog is form filling allowed?
Thanks in advanced!
Andy.If you are using your own software, I would think that your question is not directly related with Adobe and/or Reader.
I have to disagree, perhaps you didn't see my first post with my two specific questions?
Why is there an inconsistency between the two dialogs [in adobe reader]?
Why in the first dialog [in adobe reader] is form filling allowed?
So to re-iterate. I've created a PDF with a bitmask (which you can see in my first post) which, to the best of my understanding and interpretation of the PDF spec is correct and valid for a PDF that should diss-allow form filling. This part should really not be in question, unless of course I've interperated the PDF spec wrong and the bitmask is wrong. Either way, the bitmask shows that form filling is not enabled. In adobe reader, the first security details screen says that form filling is enabled. My question is simple, why? Also, why is it inconsistent between the two properties forms?
Anyone have any knowledge about these two security dialogs in adobe reader?
I hope this helps!
Thanks a lot!
Andy. -
Adobe Reader 9 security issues
Maybe this is old news-first announced 2/24- but just came across it. Described there as "critical." Reduce vulnerability by disabling javascript in Reader preferences. Patch expected 3/11.
http://www.adobe.com/support/security/advisories/apsa09-01.html
Message was edited by: WZZZThanks for the tip, wasn't aware of it myself....
I found it completely by chance. Adobe certainly doesn't exactly go out of their way to publicize these things. They just did an important security update to Flash 10-found also by chance- and there isn't even an updater in Flash 10.
I know you don't use it anyway, but for anyone needing PDF, could always fall back on Preview, I guess, until this thing gets fixed. -
Ok Ive been working on a document as a freelancer and halfway through working I installed the new Adobe Reader 9. However now the security on the document has changed and I am not allowed to comment or anything any more on the document, which was allowed before. Why has this changed and how can I regain access to the document? This is now causing problems in my work and is delaying me.
Here is a screen shot of the document security. Why is the document security and document restrictions summary different?A user is able to apply comments on a PDF using a free Adobe Reader because the author of the PDF document "Reader Enabled" the PDF using another Adobe paid service.
Looks like there is an incompatibility in the document permission settings when you switched from a lower Adobe Reader version to Adobe Reader9. [Is the document being used by you created quite some time back? Which reader version were you on before you switched to Adobe Reader9?]. This may happen because of some inherent incompatibility between older-new application. Besides, that might not necessarily be a problem just the result of applications getting more secure as they move forward
Is it possible for you to share this document for a closer look?
Another possible way out is if you could get hold of a more recent version of the PDF document floated by the author who could perhaps "reader enable & secure the PDF" using a more recent Adobe Acrobat version? -
Adobe reader 9 security problem?
Yes, i recently read about this security problem with the PDF. I would like to know what if anything has/is being done about it and does it affect all computers or just the corporate ones? I also read there was a patch coming out about this and I would like to know where and how to get it if it is necessary.
Well, don't let this scare you ... ... but a lot of software vulnerability information is out there if you just know where to look.
Probably the most definitive source is the US CERT Vulnerabilities Database which is searchable at http://www.kb.cert.org/vuls/html/search.
This database is maintained by the "United States Computer Emergency Readiness Team (CERT)" at Carnegie-Mellon University. It's not the only database out there, but it's one of the best.
Another thing to bear in mind is that Adobe has many large government contracts ... a huge amount of government documentation (e.g. IRS forms) are produced using PDF. Therefore, you know that Adobe is informed when a vulnerability is discovered, and it has a positive-duty to participate in looking for them as well as resolving them. If you keep your systems up-to-date you can expect that patches for them will be timely included. (I am not, of course, saying that these expectations will invariably be met!) Software development organizations do maintain, although they do not routinely externally publish, problem/resolution databases that are integrated into their version-control systems.
Digging just a little bit deeper, I see that Adobe maintains "security advisories" among its support-page options. (I see that the CERT advisories refer to these URLs.) So, the information you are looking for is out there, and I'm sure that Adobe Support (note: I do not work for them...) can help answer specific questions ... especially if you have something like a CERT Advisory Number to refer to.
Many folks imagine that software companies try to conceal their vulnerabilities, when in fact the exact opposite is true: there is no such thing as "security by obscurity." White-hat people work very studiously to "get the word out." It is an international effort.
It can be a bit disconcerting at first to see literally thousands of reports (some open, some closed) concerning a well-established product that you use every day. Any exploit or vulnerability, realized or imagined, practical or theoretical, goes into that database: "Knowledge is Power." -
Adobe Reader - Continued Vulnerabilities - Embarrassing
It is simply embarrassing that Adobe can't stop releasing products with so many security vulnerabilities. Do to the latest vulnerability in 9.1, our organization of over 5000 employees will never use your product again. Additionally, the news is spreading quickly about all the vulnerabilities in Adobe and sooner or later no one will use it or move to another solution.
In my opinion, the only thing that developers should ever work on again in Adobe Reader is security! We don't need new features -- all users want to do is simply view PDF files! This should not be a hard product to secure, and it doesn't need to be 138MB to install.
I would understand is this was an incredibly complex application to secure like a Web browser, or email client. But this is just a program for one simple purpose -- viewing PDF files! Focus all efforts on securing the product and nothing else. There is no excuse for another Adobe vulnerability.
I am a software engineer and understand that programmers are human, but the repeated flaws in your software is simply embarrassing!
http://voices.washingtonpost.com/securityfix/2008/02/hackers_exploiting_adobe_reade.html
http://www.theregister.co.uk/2009/04/28/adobe_reader_flaw/
I could spend hours posting links about all the previous flaws, but I don't have time for that.
From now on focus on security in your product and nothing else whatsoever!
If possible I would like to know who specifically is responsible for the latest fault. They should probably be fired.
We need to start pointing our finger at specific programmers who were at fault for vulnerabilities and have a database to search for history of faults. Maybe this is the only thing we can do to make people care enough to design secure software.
This is an embarrassment and Adobe's programmers should be ashamed.
The question is... what will the new vulnerability be in the next "patched" version of Adobe!I partially agree with this post, but I seriously doubt that an organization of 5000 employees can drop software just like that - and I also seriously doubt that a software engineerhas any say in whether said organization changes software at the drop of a hat...or vulnerability in this case. Why don't you get a job at Adobe and fix it?
You should go to www.securityfocus.com and sign up for the notification on security vulnerability events...even Symantec has vulnerabilities in it that can be exploited...I signed up for ONE day before I got tired of the amount of email traffic generated.
There's a vulnerability, there's a work-around for it to semi-block the avenue of attack. What Adobe NEEDS to work on is not just securing their product in a more organized manner, but also provide work-arounds that can't be changed by the end-users in a business environment. What's the point of creating a GPO to fix a setting when it can be bypassed on purpose or inadvertently???? -
I am getting messages that I can't download and read .pdf files since I have the wrong Adobe reader. I know about their security disasters of course, but I downloaded the latest version of Adobe Reader from the Adobe web site and I have other ,pdf file readers as well, and for some reason they won't work either. I have 5 computers running top end processors and RAM. By this I mean I have one, this one which I am using that has an AMD Phenom Black 3.2 Quad-core with 8 GBs of Corsair top DDR2 RAM, my other two AMD have either an Athlon II triple core with 4 GBs of DDR2 Corsair RAM, one with the Phenom X4 965 3.4 GHz Quad-core with 8 GBs of their best DDR2 RAM, and two Intels with the i7 920 Processors using the triple channel 1366 socket processors and one with 8 GBs of low latency DDR3 RAM and the other with 4 GBs of the same RAM. I am getting the message on this one, which has a fresh install of XP Pro X64 operating system, as do the other 4 as well. I have run Avast Business Pro Anti-virus on this one, which I am getting the message on with a single result which I deleted, and also both Spybot Search and Destroy, which came back clean as well as Malwarebytes Antimalware, which got a lot of tracing cookies now removed, and SuperAntiSpware which also found a few cookies also now deleted. Can you tell me what I need to do to get these files to show as .pdf files rather than as a clean blank page. One other issue is that I wish to know how to turn off my downloads so they are saved and Mozilla will give me the option of returning them instead of me losing them all together as it does now. Thanks for your assistance. If there is another Adobe reader I should download and install, could you provide me with the link to it? I appreciate your assistance here
== When I download and try to read a .pdf file and when I am asked to turn off all Firefox files and if I do, I lose them since I need to know how to save them without rebooting my computer.Brilliant! Problem solved! Thanks so much.
-
Adobe Reader security update to 9.3.1 not working.
I have updated adobe reader to 9.3.1 but in Secunia PSI it's still being reported as insecure.
I uninstalled adobe reader completely, cleared all traces from the registry, and reinstalled 9.3.0, and let it check for updates. it said there weren't any.
I downloaded the security fix to update it to 9.3.1 and installed it successfully.
Adobe reader now says it's 9.3.1 in the Help About option on the help menu.
However the Reader exe file AcroRd32.exe version is still 9.3.0.148 dated 21/12/2009, as are all the plugin files except for the Forms plugin that is version 9.3.1.203 dated 02/02/2010.
I have since done a successful repair install of Adobe Reader, but PSI is still saying it's insecure because of the file version 9.3.0.148 for AcroRd32.exe, and the plugin files except the Forms plugin,
Why isn't the security update to 9.3.1 updating the exe file and plugins? Is it even working at all and fixing the critical security risks it's supposed to be fixing? It would seem all it's doing is to change the Help/About screen to read 9.3.1, and changing the Forms plugin...
Running on WIndows 7 home premium.I have same problem using Windows Vista Home Premium. Just ran Secunia and went to link and downloaded and installed 9.3.1.203, but, AcroRd31.exe still shows ver 9.3.0.148 in the Acrobe Reader files on my computer??? I do not think that the problem is solved. Apparently the update is not working correctly.
-
How do I change my security settings to allow pdf files to auto-open in new version of adobe reader?
I have just updated my Adobe Reader and now I can't download and open pdf files anymore.
I tried going through the preferences in Reader, but it says that the setting is tied in with 'security administration' settings on Mac OS X.
I have not actually changed anything in the settings so am assuming that this is something to do with the most recent update to either Adobe Reader or OS X security.
What can I do to fix this?Thank you for your help.
I also found that Mozilla Firefox seemed to be part of the problem.
Switched to google chrome and this seems to have made downloading pdf's possible again -
How do I change my security settings in Adobe Reader to allow me to add my electronic signature?
I am trying to fill out a job application that requires me to type my signature, but it will not enter. When I go to File-Properties-Security, it says signing is "Not Allowed". How can I change this to allow signing? Thanks you so much.
Not possible with Adobe Reader.
-
How do I open a secure document in Adobe reader using my iPhone 5
I Am trying to pay a bill using adobe reader. I understand how to open a document from my emails with the app, but once I open the document in Adobe reader it is still secured and will not let me enter in my account info to pay the bill. How can this be fix?
Adobe Reader mobile products (Reader for iOS, Reader for Android, etc.) do not support commenting or form filling with secured (hence, encrypted) PDF documents.
Please use the desktop version of Adobe Reader on your Windows or Mac computer to fill in the secured PDF form. Sorry for the inconvenience. -
Adobe Reader Crashes while opening Secure PDF Documents
Hi,
I have Adobe Reader 8.1.2. Up until today, i was able to open secure PDF documents without any issue. Suddenly, it started to give me errors, saying "Adobe Reader has encountered a problem and it needs to close. I have to tell Microsoft" and so on...
I tried re-installing 8.1.0, secure documents opened a few times and then the same problem returned. I can open normal PDF documents but the problem is with the secure ones.
Rebooting, re-installing again didn't help.
What could be the issue and how to solve it? I have Trend Micro Antivirus s/w but i always had them all these days and everything was fine.
Thanks
anandHi,
Can someone help me on this please?
I have tried removing Adobe Reader, re-install it but doesn't help. Secure documents do open sometimes but fail again. I have even tried removing Adobe Reader using MSI Cleanup Utility, no use.
The problem seems to be in the imapdb.dll. An error report is generated by Windows XP but it is rather large to fit in here.
I also Trend Micro Anti-Virus tool and it may have something to do with it is what i feel.
Any help on how to solve this will be great.
Thanks
Kripaludas -
Password security and write file in Adobe Reader
Hello! I have Adobe Acrobat 9 Professional. I have one question - can I make a PDF file with the following settings
1. Adobe Reader users can save the filled file and print
2. You can not modify file - filling of form fields is blocked
3. Set security method: password security: Document Open Password and Change Permissions Password.
The problem is that, as I set password security, Adobe Reader user can't save filled pdf file.
Thank You in advance...
Matthew
PolandYou must allow form filling.
Maybe you are looking for
-
I have recived a new computer for christmas and dowloaded the new itunes on it but when i hook my iphone 4 up to the new computer with the new itunes it will only show up on the new devices the music i have on it will not show up in the new itunes li
-
Error while uploading a file via GS_CM
Dear experts, When we try to upload some files to CRM incident via GS_CM we gen a following error: "operation is not allowed (crm_p_ord)" We noticed that the error usually arrears when we upload files with long file names ( 30> chars) It's important
-
Save for Web & Devices window doesn't fit @ 1366 x 768
I'm using a MacBook Air running at 1366 x 768, or within Adobe CS5 requirement tolerances, but whenever I try to 'Save for Web & Devices', the dialogue box that pops up is much too big, vertically speaking, for my screen. Attempting to minimize/maxim
-
Saving to PDF with hyperlink sections
I've saved a 200 page PDF document from Word. The Word document contains hyperlinks on the contents page to jump to the relevant section in the document. Is there a way to do with for the PDF I've created? I've received large PDFs in the past which a
-
In Mail 6.3 on 15" Macbook pro, an email received show a bunch of A's in square boxes. On an Identical Laptop, everything shows up fine. I cant find any configuration differences, but I may not know where to look. Any help out there?