Do many Mac users use Acrobat reader rather than the default MacOS X one?

It seems, yet again, the lesson is to avoid Acrobat.

I'm using default one (Preview).

the UPDATE.CAB file drops another executable that injects a DLL into Internet Explorer

It seems, yet again, the lesson is to avoid Acrobat.

No, the lesson is and always has been:

1. Don't open files from unknown senders
2. Beware files on untrusted sites
3. Disable javascript except on whitelisted sites
4. Avoid Internet Explorer as much as possible

There's a thing to disable Javascript in PDF readers (I've never figured out why it would be useful to have javascript in something that is essentially a printer friendly format).

Please someone mention how to do it - I've forgotten, and it's not disabled as default.

If you do update your current Adobe Reader, be aware that on the Adobe Reader download page, the additional download of McAfee Security Scan is on by default.

Be sure to uncheck that box if you don't want McAfee to self-install. Shame on Adobe for setting it up this way.

Haven`t used Adobe Reader for years. I`ll let a few friends know though.

dc

For those Mac users that have Acrobat Pro, here is a tip to force all .pdf files to open with it rather then either Preview or Acrobat Reader:

Control click on any .pdf file
Choose "Open With"
Scroll to the bottom of the list and choose "Other..."
Click on the check box in the bottom of the window that says "Always Open With"
Navigate to your Application folder and click on Adobe Acrobat Professional.

From this point on, every .pdf file will be opened with Acrobat Pro

vordmeister,

To disable JavaScript:

File -> Preferences
Under Categories, click on JavaScript
To the right, uncheck the box next to "Enable Acrobat JavaScript"

It seems it's only an Adobe problem and doesn't affect Foxit users. This is probably a good time to make the switch.

The PDFs of today are essentially no different from years ago, so why has the reader gotten so damn bloated? I install ONE Adobe product, and suddenly my programs menu has 5-6 other apps I never asked for.

Adobe makes industry standard software in many design/publishing areas. I wonder how much longer they can ride that wave before people scream and holler for an alternative and possibly settle for a lesser product just to get away from them.

I searched my disk on my MacBook and was surprised to see Adobe Reader. I don't think I downloaded it deliberately. It had never been launched. Deleted it.

There are some PDF's out there that have nifty interactive forms, that put JavaScript to good use. Adobe competes with Word forms that way. But Preview is enough for me.

I second the motion to disable Javascript. I did this last summer when I got stung by a bug, and that has helped me avoid several scares since. My gut tells me there are lots more vulnerabilities that will only be patched after exploits are already in the wild.

This is 100% on Adobe, who released a shoddy and insecure Javascript engine where no normal person would want or expect it to exist anyway. Their entire reader is a sad joke that a decade later still brings my computer to a crawl when I have to load a .PDF document, but that's another thread.

Who still uses Internet Explorer and Adobe Reader? That's so 1999.

Besides the fact that Adobe Reader is hugely bloated, please don't miss the point that these compromised PDFs are the problem, and, we don't know how it might sit on your system until accidentally opened or sent on to someone else.

Good advice from incrediBILL, thanks.

1. Don't open files from unknown senders
2. Beware files on untrusted sites
3. Disable javascript except on whitelisted sites
4. Avoid Internet Explorer as much as possible

I agree, but Acrobat seems to be to PDF, what IE is to HTML.

After all, every time we visit an untrusted site, our web browsers are opening files from it, and we expect
then to be secure.

(I've never figured out why it would be useful to have javascript in something that is essentially a printer friendly format).

Forms.

Some of the other readers are implementing Javascript because otherwise they cannot replace Acrobat Reader in some environments.

That just begs the question of why PDF documents need the ability to submit forms in the first place. Or why the forms need to be validated by Javascript, which is a process easily circumvented anyway.

But anyway, it's in there and it'll be years before most people have updated to a more secure release.

After all, every time we visit an untrusted site, our web browsers are opening files from it, and we expect
then to be secure.

No, I never expect an untrusted site to be secure, that's why it's called UNTRUSTED.

Considering the large quantity of hacked sites on shared services, approaching them as anything but potentially hostile is a bad idea.

That's why many of us surf with javascript and other features disabled unless it's whitelisted.

The internet is no different than the real world, you never know what kind of neighborhood you're in until you get car jacked (or worse) and by then it's too late so be careful.