(yes I know… I’m late )

The hole is exploited through the use of a specially constructed pdf-file using javascript. When successful, the attack could make it so that the attacker can execute code with the user credentials of the person opening the malafied pdf.

Adobe has already issued a security patch for version 8.1.2 which resolves the problem. Alternatively, users can also disable the use of javascript in pdfs in the Preferences menu.

Originally, the exploit was discovered in one of Adobe Reader’s alternatives, called Foxit Reader. By using a similar crafted pdf-file, the same kind of attack could be executed. At first it was assumed that only this Foxit Reader was affected, since the way the javascript was constructed didn’t pose a problem in Acrobat Reader.

However when security analysts examined the code in more detail, they found that also Adobe’s version was being affected. It is true that the bug is not being caused by exactly the same code, but nevertheless this hole was exploitable here as well.

The most significant improvement here is that with this new version, there is now support for effects and filters that are custom created by the designer. Also, for playing 3D elements and effects, the software can now directly make use of the computing power of your graphic-card. Further on, the layout possibilities for text and the audio-processing by the program have been improved.

To me, the most stunning fact however is that this release is so close to the new Silverlight by Microsoft. I don’t think it’s a coincidence these direct competitors both come up with their new version so close to each other.

Where Silverlight yesterday seemed hot news, and probably still is, it’s still in it’s infant shoes (although MS would like us to believe otherwise). The bad, or lack of, support in the cross-platform section, is definitely something to watch out for. Granted, Flash isn’t that wonderful on, for example, Linux either, but at least there is some support, and hopefully this will improve even more with version 10.

In my opinion Adobe has made a very smart move here, as it will probably result in slower adaptation of it’s competitor. For the moment, Flash player seems to stay the software of choice for multimedia content on the Web. Will it stay like this? Only time will tell…