The venerable Adobe Acrobat Reader PDF file interpreter plugin and application. You never even gave it a second thought, did you? Well, eWeek identifies some of the other plugins that have risen once Adobe turned the standard loose on the world:
Just about everyone uses PDF files to some degree: You have to be able to read them on just about any device, and the ability to write PDFs is common in most organizations. Yet security problems with Adobe’s Acrobat and Reader programs have been fairly common and are actively exploited in the wild.
One thing you can do to protect yourself is to switch away from Adobe products. Since Adobe published the PDF spec many years ago, numerous companies have developed their own software to read and produce PDF files.
Because many more desktops will run the free Adobe Reader program than the for-pay Acrobat program, eWEEK Labs decided to put Reader up against some of its rival free “viewer” programs: Foxit Software’s Foxit Reader, Tracker Software Products’ PDF-XCHANGE VIEWER, CoolPDF Software’s CoolPDF, CAD-KAS’ CAD-KAS PDF Reader 2.4 and soft Xpansion’s Perfect PDF Reader 5.
During tests, I didn’t see any meaningful misrendering of documents using any of these products, although it’s entirely possible that subtle differences eluded me. (Automation of testing of rendering fidelity is difficult at best.) I focused tests on a selection of 10 PDF documents found on the Web that used a variety of PDF features, including scripting and advanced form capabilities.
After testing was completed, I’m not so anxious to dump Adobe, as all of the programs tested provided reason for concern. Perhaps responsibly managing the vulnerabilities in Adobe products is the best solution.
That is, they’re most buggy when you do anything complicated with them like forms and whatnot, and they don’t protect document changes even if you’ve specified the PDF file should.
I don’t imagine that this will make it to the top of your testing checklists, but you probably ought to know about it and bring it up in your comprehensive risk conversations.