[Dshield] PDFs and Preview in Mac OS X 10.5--Official Guidance?
Jon Kibler
Jon.Kibler at aset.com
Thu Mar 26 01:35:36 GMT 2009
Michael wrote:
> Hi,
>
> I am writing concerning the recent security problems with PDF files
> (JBIG2 buffer overflows). I did see a post at the SANS Internet Storm
> Center (http://isc.sans.org/diary.html?storyid=5932) that sort of
> hinted that the problem might exist for MacOS X 10.5 Preview, but I am
> wondering if anything has been issued as official guidance for persons
> running OS X (in my case, Leopard, specifically) in terms of a
> mitigation, fix, or workaround. I do note that Apple released a
> security update in mid February 2009, but further perusal of that
> document (http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html)
> doesn't mention anything to do with PDFs.
>
> I can't avoid PDFs forever. Are there any mitigations, advisories or
> good alternative PDF readers for Mac?
>
> Michael
Michael,
I actually sent a detailed analysis of the MacOS PDF issue to Apple.
Since only Acrobat Reader supports JavaScript (at least of the major PDF
apps that run on the Mac), the worst that will happen is that Finder,
Preview, or whatever will crash. Also, there is a patched Acrobat for Mac.
Bottom line: Is not a security issue per se, but can cause S/W to crash.
Also, until you have a patch, don't put PDFs on your desktop.
One final point... if you do have a bad PDF crash an app, restart MacOS.
In testing, I was able to crash MacOS after repeated PDF crashes under a
specific set of circumstances I will not disclose. However, a simple
reboot seems to avoid that issue.
Jon
--
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
o: 843-849-8214
c: 843-224-2494
s: 843-564-4224
http://www.linkedin.com/in/jonrkibler
My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253