back to article Haven't updated your Adobe PDF software lately? Here's 85 new reasons to do it now

Adobe has posted an update to address 85 CVE-listed security vulnerabilities in Acrobat and Reader for both Windows and macOS. The PDF apps have received a major update that includes dozens of fixes for flaws that would allow for remote code execution attacks if exploited. Other possible attacks include elevation of privilege …

  1. Anonymous Coward
    Anonymous Coward

    85 CVE-listed security vulnerabilities in Acrobat and Reader

    Given the quality of previous Adobe security fixes, there will now be at least another 85 new vulnerabilities for the hackers to find.

  2. redpawn

    For @#&% Sake,

    Just put the poor beast down already!

    1. Tom 7

      Re: For @#&% Sake,

      Painful Document Format.

      1. BillG
        Go

        FoxIt Reader

        I left Adobe Reader earlier this year and installed FoxIt Reader instead. WOW - what a difference - fast, easy to use, and FAST!

        And FoxIt doesn't "helpfully" hook into the rest of my computer. No more does my CPU and hard drive churn when I just single-click on a PDF in Windows Explorer (I don't even open the damned PDF and Adobe still likes to get involved.)

        1. elDog

          Re: FoxIt Reader

          There are 100's of alternative PDF readers out there. Probably 20+ readers/editors.

          PDF is just the format for a file that can be rendered somewhat faithfully.

          The readers/editors will all have potential faults in how they handle strange stuff in the incoming file. Each one might be subject to compromise. Don't think that Adobe is the only bad actor, just because it has usually been so.

          1. Anonymous Coward
            Anonymous Coward

            Re: FoxIt Reader

            I was a fan of FoxIt for many years until the update frequency got incredulous. I switched to Sumatra which seems identically speedy and either less bug-ridden, or less updated (grin)

      2. elgarak1

        Re: For @#&% Sake,

        Nope. The format is actually quite nice. I handle them daily, and have no problems whatsoever.

        What IS painful is the most common software combo to handle them – Windows, Office, and Adobe's Acrobat Reader. The irony is that Adobe's free software is one of the worst, given that it was Adobe that developed the format.

    2. bombastic bob Silver badge
      Meh

      Re: For @#&% Sake,

      there are at least 2 alternatives I'm aware of [atril and evince] and they run on Linux and FreeBSD [although evince may have mono dependencies now, DAMMIT - I use an older version of evince on windows machines, however, and so maybe it's there but I didn't notice]

      in any case, PDF is well supported in the open source world. We don't need Adobe's "special sauce" nor their attempts at *SLURP* [why ask me to LOG IN using my E-MAIL ADDRESS just to view a PDF file????]

      So yeah, toss Adobe's reader in to the trash and get something that actually WORKS! Atril is my current favorite. That may change if they do something stupid (like include mono dependencies).

    3. phuzz Silver badge
      Thumb Up

      Re: For @#&% Sake,

      Firefox and Chrome(ium) both display PDFs natively, so there's another two possibilities which are available for a range of OS's

  3. Colonel Mad
  4. Anonymous Coward
    Anonymous Coward

    I am amazed...

    ...that they just keep coming, after all these years.

    If you add them up there's probably two critical bugs per actual line of code. That takes dedication.

    / It's actually quite impressive how badly this software has been written

  5. John70

    It'll probably cost less to delete all the source code and start again from scratch and this time leave out all the bloat.

  6. Tromos

    Update your Adobe PDF software...

    ...to something not written by Adobe.

    1. tony2heads

      Re: Update your Adobe PDF software...

      Master PDF Editor works for me

      1. Bronek Kozicki

        Re: Update your Adobe PDF software...

        FWIW, I use Foxit PhantomPDF and rather like it. They also give away a nice PDF reader.

    2. Daniel von Asmuth
      Facepalm

      dozens of new holes patched

      I suppose new holes means bugs that are not present in older versions of Acrobat Reader.

  7. James 51
    FAIL

    How many holes does Adobe software ship with? If they know it's this buggy, what are they doing about it prerelease?

    1. Anonymous Coward
      Anonymous Coward

      >> what are they doing about it prerelease?

      Adobe Intern: "Err.. here are the fixes for the 85 bugs in Acrobat and Reader you gave me."

      Adobe Manager: "It took you long enough, I gave you that job over an hour ago!"

      Intern: "Sorry! What happens now? Do the changes get reviewed and tested?"

      Manager: "Ooh hark at you! 'Reviewed and tested'! This is Adobe! We don't need to do nonsense like that, especially since none of them are being targetted in the wild! Now here are 200 bug reports for Flash run-time. I need them fixing before lunch!"

      1. steviebuk Silver badge

        Too true. So many of these companies get rid of the good & well paid people so they can replace them with cheap interns.

  8. Gene Cash Silver badge

    > Fortunately, Adobe said that none of the bugs was currently being targeted in the wild - yet.

    So is there any sort of backup for lofty bullshit like this? Or is it just "nobody emailed us to tell us they're using this exploit"?

    1. phuzz Silver badge

      Nah, all the bad'uns are still using the fifty odd exploits from last month.

  9. Doctor Syntax Silver badge

    Haven't updated your Adobe PDF software lately?

    No. Don't use it. Okular does quite nicely.

  10. Anonymous Coward
    Anonymous Coward

    85 new reasons to do it

    IMPRESSIVE (click bait). So, I've bitten: I can match that, but I have (at least) four reasons NOT to install Adobe Reader in the first place:

    1. size of installation file, then the size it takes on my hard drive, all over the place

    2. what it does to my registry, trying to be "helpful" without asking (not to me, that's for sure!)

    3. time it takes to open a single, FUCKING 1 MB pdf. It's like firing an Apollo 11 rocket to get to local Tesco

    4. every now and then read about 85 reasons to patch it

    Solution: find a free pdf software that's none of 1 - 4 and live happily ever after. Software such as? Well, google be thy friend! The End.

    1. Ben Liddicott

      Re: 85 new reasons to do it

      Edge has a perfectly functional pdf reader built in.

      1. Anonymous Coward
        Anonymous Coward

        Re: Edge

        Edge gets a lot of unjustified hate.

  11. elgarak1

    Adobe PDF Software?

    Ummm.... Don't have it...

    I'm on a Mac, which means everything on my machine can handle PDF without the need to install anything, from Adobe or elsewhere (it has been declared one of the essential file formats by Apple ages ago).

    Yeah, sure, Apple's software (in particular Preview, which pretty much acts as Mac's Adobe Reader equivalent) has its own share of problems. I'm still a smug bastard about this in particular. I have a LOT less trouble (practically zero) with PDFs than with, say, .doc/.docx. ;)

  12. Teiwaz
    Devil

    Zathura

    A pdf viewer without vi bindings would be just odd at this point.

    1. Anonymous Coward
      Anonymous Coward

      Re: Zathura

      >> vi bindings

      Oh no! don't release the vi/emacs demons!

    2. katrinab Silver badge
      Mushroom

      Re: Zathura

      [vomit emoji]

      Your choice of icon is completely appropriate for anything with vi bindings.

      I know Adobe software is bad, but it isn't so bad that I would inflict /that/ on myself.

      1. Teiwaz
        Angel

        Re: Zathura

        Your choice of icon is completely appropriate for anything with vi bindings.

        I know Adobe software is bad, but it isn't so bad that I would inflict /that/ on myself.

        Bwah-Ha-Ha

        From the point of view of a non-vi user, it makes no sense, yes.

        But if you are vi-able, it makes perfect sense to lean toward applications with vi bindings across as much of the ui as possible.

  13. steviebuk Silver badge

    This is annoying and interesting

    Annoying as I've just learnt a bit more about Group Policy so played with trying to deploy Adobe DC (that was a mistake. Although ended up finding a good guide). Got it working so annoying that now need to apply a patch. But interesting as can now see what an update does to the deployment.

  14. Michael H.F. Wilkinson Silver badge

    Plenty of alternatives to the sluggish monster that is Acrobat Reader. I really avoid using it at the moment. I am also always annoyed at how it wants to "save changes" to a PDF presentation (made using pdflatex), in which I have edited exactly NOTHING in Acrobat Reader. What does it feel it needs to change to the file? Does it want to add ads? Custom malware? I seriously doubt any addition made by Acrobat Reader would be useful to me in even the widest sense of the word.

  15. Version 1.0 Silver badge
    Unhappy

    Adobe Reader used to be quite good

    But that was about ten years ago.

    My bet is that the majority of these new vulnerabilities are in the "enhancements" and new features that Adobe keeps adding to try and hook users into their infrastructure. One of the issues that I have with the modern environment is that the manufacturers are far more interested in trying to get users hooked on their products than writing secure, bug-free software - nobody seems to care about that any more.

    1. Ben Liddicott

      Re: Adobe Reader used to be quite good

      No. No it didn't. It was always terrible. I was there, I remember.

    2. Teiwaz

      Re: Adobe Reader used to be quite good

      Adobe Reader used to be quite good

      But that was about ten years ago.

      @Version 1.0 - Thanks for popping in from your strange parallel dimension, are Pot Noodles also really tasty and is it nice there?

    3. N2

      Re: Adobe Reader used to be quite good

      But that was about twenty five years ago.

  16. theblackhand

    Thanks for the reminder

    * checks for updates *

    None

    * uninstalled *

  17. Thrudd
    FAIL

    Enhancement?

    Quick question since I haven't used this in a decade.... Does it still attempt to back everything to the cloud... ie the Adove servers?

    1. dajames

      Re: Enhancement?

      Does it still attempt to back everything to the cloud... ie the Adove servers?

      It seems to, yes ... though I only use the Android version (because I haven't yet found time to locate an Android PDF viewer that isn't worse -- suggestions please!).

      On a recently reset tablet I reinstalled Adobe Reader and was horrified to be confronted with a screen that invited me to sign in to the Adobe Cloud (using a Google, Facebook, or Adobe ID). It took me a while to notice a small, subtle, cross in the top corner of the screen that let me bypass that crap and open the PDF.

  18. GrumpenKraut
    Angel

    Stopped using acro%^$7 when I found...

    that it searched the whole bloody file-system. A stale NFS mount stalled it, that's how I noticed.

    mupdf needs to be mentioned here, the fastest pdf reader I have met so far: with simple pdfs it can render at a rate of 100 per second on a decent machine. pdf-movies are possible and totally fun.

    I am a completely normal person, thank you for asking -------->

    1. bombastic bob Silver badge
      Unhappy

      Re: Stopped using acro%^$7 when I found...

      "that it searched the whole bloody file-system"

      I became 'slurp-aware' when pre-installed Adobe reader on a reconditioned windows 7 machine asked me for an e-mail address to register with their online services, EVERY! STINKING! TIME! I tried to use it.

      The possibility that they're ALSO scanning your network is VERY, VERY, DISTURBING...

      [what we need is actual confirmation of their data slurp so that no doubts will remain]

  19. elvisimprsntr

    I uninstalled everything Adobe years ago, Flash and Acrobat. I highly recommend everyone else do the same.

    The only reason I have Oracle JavaRE installed is for a single home automation controller console interface, otherwise JRE is disabled by default.

  20. mark l 2 Silver badge

    I ditched Acrobat in about 2009 as discovered that there are other much better free software out there to read PDFs.

    On the rare occasion I need to edit the content of a PDF document, Libreoffice will open PDF's and let you edit them should you want to. Although the rendering can get messed up with the document uses fonts not present on your computer.

  21. N2
    Thumb Down

    No thanks

    Got rid of everything Adobe years ago, seemed bloated and slow.

    Don't like their cloud 'ransom ware' offerings for photgraphers either.

  22. Lostintranslation

    I am curious to know whether these 85 flaws have always been in the software or have been recently introduced to make up for the holes that have already been patched?

    It's obviously useful to *someone* to have a piece of software that is almost universally installed on Windows machines and is so exploitable.

  23. Tree

    Acrobat Reader 4.0 was the last good version

    The older versions are not BLOATWARE and don't connect to unknown serves on the internet. 2.2 megabytes for version 4.0. Much harder to hack than recent bloated Adobe products.

  24. john fisher 1

    No problem for me. I just use Acrobat X standard and let the world go by.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like