PDFs and malware

I was just reading an article that mentioned attempting to insert malware onto the systems of Chinese human rights advocates using PDFs or Word docs. I am used to being circumspect when it comes to downloading executables, but I hadn’t considered the case of PDFs. The mechanism is to cause a buffer overflow to cause arbitrary code to be executed. What version of Reader has closed this loophole? Is this a Windows-only issue? I mainly use Linux and OS X. How big an issue is this for other viewer applications?

Thanks,
Rob

Buffer overflow exploits are generally very specific, requiring a specific version of the reader running on a specific operating system. Any change at all, even one not meant to stop the exploit, probably will. There might be a separate exploit for a different reader on a different OS, but it’d be essentially unrelated.

All versions of Adobe have this. Disable JavaScript in Reader or use something like Foxit. The hack for Reader won't work in Foxit or different readers.
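An added example, not part of any post in this thread: a triage check that counts the PDF dictionary keys associated with script and automatic actions, so a file can be flagged before it is opened in a viewer with JavaScript enabled. The function names and both sample documents are constructed for illustration; the key list is taken from the PDF format, and keys inside compressed object streams are not visible to this scan.

```python
import re

# PDF name keys that mark active content: /JS and /JavaScript carry script,
# /OpenAction and /AA run actions automatically, /Launch starts a program.
ACTIVE_KEYS = ("JS", "JavaScript", "OpenAction", "AA", "Launch")

# A PDF name is "/" followed by characters up to whitespace or a delimiter.
_NAME = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
# Inside a name, "#XX" is a hex-escaped byte (e.g. "#61" is "a").
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #XX escapes so an obfuscated 'J#61vaScript' reads as 'JavaScript'."""
    return _HEX.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def active_content(pdf: bytes) -> dict:
    """Count active-content keys in the uncompressed part of a PDF.

    This is a triage signal only: a hit means the file deserves a closer
    look, and an empty result does not prove the file is harmless, because
    objects stored in compressed streams are not decoded here.
    """
    counts = {}
    for match in _NAME.finditer(pdf):
        name = decode_name(match.group(1))
        if name in ACTIVE_KEYS:
            counts[name] = counts.get(name, 0) + 1
    return counts


# Constructed sample: a catalog with no actions at all.
SAMPLE_PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"

# Constructed sample: an open action pointing at a JavaScript action whose
# subtype name is hex-escaped, a common way to dodge naive string matching.
SAMPLE_SCRIPTED = (
    b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>\nendobj\n"
    b"3 0 obj\n<< /S /J#61vaScript /JS (constructed placeholder) >>\nendobj\n"
)

if __name__ == "__main__":
    for label, data in (("plain", SAMPLE_PLAIN), ("scripted", SAMPLE_SCRIPTED)):
        print(label, active_content(data))
```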

Version 9.3 of Adobe Reader has been released to fix this latest exploit.

However, like others, I recommend that unless you need something supplied only by the Adobe Reader, you use one of the other free readers that do not suffer from these exploits.

It is my understanding that an exploit of this nature causes the PC (program counter, not personal computer) to point at some section of memory where the malicious code lives, correct?

Pretty much. Here’s a look at it.

Well, the same kind of exploit could be written for these free readers. But because the Adobe Reader has the biggest share of the market, that’s the one malware writers & Chinese governments target. If any other reader begins to have a significant piece of the market, they will probably write an exploit for it, too. There’s nothing stopping them, except the quality of the original code. And comparing that between freeware authors and Adobe’s coders is difficult.