Adobe Cautions Against Installing Third-Party Security Patch
Adobe Cautions Against Installing Third-Party Security Patch
Posted 09/17/2010 at 6:21am
| by Paul Lilly
3
Comments
Print
For those of you still getting your PDF fix with Adobe's Acrobat software, you might have been tempted to install an unofficial security patch from security and software firm RamzAfzar. The third-party fix replaces the vulnerable CoolType.dll, addressing a critical Reader bug Adobe disclosed earlier this month.
"We've decided to modify this strcat call and convert it to strncat. Why? Because strncat at least receives the buffer size and how much bytes you want to copy from src do dest," RamzAfzar explains about its patch.
According to Threatpost.com, Adobe confirmed in an email that the unofficial patch does seem to stop vulnerable versions of Reader from crashing, but warns there are always concerns with installing software from unknown sources. As Adobe explains, a DLL is the equivalent to an EXE and users should never install these from an untrusted publisher. In addition, users will have no guarantee that future Adobe updates will work after applying third-party patch jobs. And finally, Adobe warns that altering the DLL might break functionality and could disrupt critical workflows.
But is it really as dangerous as Adobe warns? Maybe, maybe not. The unofficial patch has the backing of at least one security researcher who earlier this week tweeted that it works as advertises, and nothing more.
More like this
3
Comments
Comments are closed on this article
skirge01
September 17, 2010 at 9:46am
"As Adobe explains, a DLL is the equivalent to an EXE and users should never install these from an untrusted publisher."
Then, I guess we should all uninstall Acrobat Reader, since Adobe has clearly proven they are not a publisher to be trusted.
Blues22475
September 17, 2010 at 7:16am
It should almost be common sense that you install patches from the author of the software, and not from 3rd party.
Regardless, to avoid all the drama with Adobe Reader, you sould probably just install another PDF reader (such as Foxit reader). That's what I did.
Bullwinkle J Moose
September 17, 2010 at 6:52am
Everyone else cautions against installing Adobe..
Stay Tuned
Connect with MaximumPC
Featured Content
The gang discusses the GTX 690, Trinity, Ivy Bridge, Amazon, big-box stores, MMOs,...
This month's issue
Feature
Build a PC On Any Budget
Feature
Cloud Services Showdown
How-To
Encrypt Your External Drive
Build It
Upgrade an X58 Rig
Most Commented Articles
Latest Max PC Tweets
- maximumpc: Original RickRoll Video Returns to YouTube After 24-Hour Copyright Hiatus http://t.co/MaH9Sxyy10 hours 33 min ago
- maximumpc: Corsair has decided not to go forward with its $78 million IPO, citing weak equity market conditions http://t.co/A5a4DAzj10 hours 42 min ago
- maximumpc: Want to work at Maximum PC? Our Online Managing Editor, Alex, is moving away, so we need a new one. http://t.co/9Z7JCh0E2 days 8 hours ago
