After such headlines as ‘Adobe flaw may be ‘worst’ bug of 2007’ scarcely a week into the new year, one could perhaps be forgiven for feeling a little nervous. As it turns out, however, this latest flaw now seems more like a falling acorn than a piece of sky.
Sounds pretty scary, huh? Well, there are a few reasons why the problem now appears so much less imposing. For a start, the bug only occurs in quite unusual Web browser/PDF viewer combinations. The other point to note is that, because the vulnerable configurations are so rare, writing the appropriate malware is hardly worth the cost of the instant coffee that malicious programmers would drink while coding it.
In any case, the simplest fix for the issue is to upgrade to the latest version of the free Adobe Reader (version 8.x), which does not possess the flaw. Basically, that equates to peace of mind at the cost of a little bandwidth. For users who are particularly attached to their older versions (e.g. those using a full version of Acrobat 7.08 or older), Adobe has pledged to release patches to nix the bug. In the interim, such users can adjust their browser preferences to prevent the Reader plug-in from opening within the browser.
Although the vulnerability is a dangerous one, it is only a potential problem, and even then it can only affect a very small percentage of users. I tend to agree with Duff Johnson that the flaw’s dangers have been much exaggerated, although I wonder if it isn’t more a case of ‘Chicken-Little-itis’ than a deliberate media beat-up.