• viking@infosec.pub
      link
      fedilink
      English
      arrow-up
      7
      arrow-down
      1
      ·
      9 个月前

      One more reason never to use the official adobe software. SumatraPDF is awesome. Barebones and blazing fast.

      • Yggstyle@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        ·
        9 个月前

        Anti adobe is cool - the recommendation is appreciated… but any software can be the target of a document based exploit and may well be susceptible to the same exploit depending on the libraries used. Additionally, smaller software projects can take longer to update as they have less staff working on them. Absolutely support open software and alternatives… Just a word of caution.

        • viking@infosec.pub
          link
          fedilink
          English
          arrow-up
          1
          ·
          9 个月前

          Yeah it does. Adobe has a lot of active script support, including java script for example, which can be exploited. If a software can’t interpret those scripts at all and simply displays plain text, that means malware won’t be executed.

          And since Adobe Acrobat / Acrobat Reader are the most common pdf viewers out there, they are a natural target for hackers as well.

          • iAmTheTot@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            2
            ·
            9 个月前

            Is Acrobat the only pdf reader with active script support? For example, do the common browsers which can also open pdfs not support the same things?

            • viking@infosec.pub
              link
              fedilink
              English
              arrow-up
              1
              ·
              9 个月前

              I genuinely don’t know, I have set my browser to download pdfs by default and only open them with Sumatra. There might be a scripting layer active in the browser as well though, quite possible.

              • iAmTheTot@sh.itjust.works
                link
                fedilink
                English
                arrow-up
                1
                ·
                9 个月前

                Then would you agree that it doesn’t have to do with Adobe Acrobat, as much at it does active script in PDFs and if the reader executes it?

    • Yggstyle@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      9 个月前

      If you view it on your system it’s a vector. Large / complex documents which may parse things with different libraries just happen to have a larger attack surface.