"Apple Bug" number six hits Windows, Linux too

Stephen Withers
Sunday, 07 January 2007 14:07

Your IT - Home IT

The Month of Apple Bugs has turned up another cross-platform issue - this time one that affects Windows, Linux and potentially other operating systems in addition to Mac OS X.

The latest problem concerns PDF files. According to LMH, the PDF 1.3 specification has a design flaw in that a malformed catalog dictionary (which references the various objects and data that make up the document) or Pages entries (which allow readers to handle large documents in relatively little memory) results in undefined program behaviour.
It appears that some common PDF-reading applications - Mac OS X's Preview 3.0.8 (ie, the current version), Adobe Reader 7.0 and earlier (including Acrobat Reader), and xpdf 3.0.1 patch 2 (current) and its derivatives - fail to check the validity of invalid entries, and this can result in a variety of error conditions. Adobe Reader 8.0 "is not affected apparently."

"Actually, exploitation of this issue for arbitrary code execution is possible," LMH claims, depending on the application and the condition caused.

The suggested workaround is to avoid untrusted PDF files and to remove any browser add-ons that automatically open PDF files. "A temporal solution might be using Adobe Acrobat Reader 8.0.0 but it may be affected by other issues as well."

Acrobat Reader 8 is not very popular among Mac OS X users as it is slow to load compared with Preview.