
Security Flaws in Adobe Acrobat Reader Allow Gaining Root on macOS Silently - feross
https://rekken.github.io/2020/05/14/Security-Flaws-in-Adobe-Acrobat-Reader-Allow-Malicious-Program-to-Gain-Root-on-macOS-Silently/
======
katabasis
At this point I consider the Adobe suite to be basically the same as malware.
Their apps seem to want to take over your system, install all kinds of
"helpers" that run in the background constantly doing god knows what, etc. And
their security record is terrible.

It's a shame because as someone who has a lot of interest in design,
photography, etc. I acknowledge that they create some very powerful tools. I
still miss Lightroom. But I'm just not willing to give them this much control
over my computing environment any longer.

~~~
oh-4-fucks-sake
For just a free, straight-forward, full-featured PDF reader/viewer/text-finder
I've been a long time user of Foxit Reader:
[https://www.foxitsoftware.com/pdf-reader/](https://www.foxitsoftware.com/pdf-reader/)

It's a mature product at this point and I have had a good experience for years
now.

~~~
MaxBarraclough
I used to recommend Foxit too, but all major browsers now ship with good PDF
support.

~~~
TylerE
For me, not being in the browser is a feature, not a bug. I often want to be
able to open a PDF in a dedicated window I can easily switch to.

~~~
MaxBarraclough
Sure, but you can open a PDF in a new browser window. I'd rather not broaden
my trusted codebase by installing another PDF reader.

~~~
TylerE
OSs have this annoying habit of condensing multiple windows of a single
application down to one taskbar item/dock item/whatever.

~~~
alpaca128
On Windows this can easily be remedied in the options accessible via the
taskbar. I always turn this off and tell it to show the full window titles
instead of just the icons. Windows are not browser tabs, I don't ever have
enough of them open to need that stacking behaviour.

~~~
MaxBarraclough
Another option for Chrome/Windows is to open a Guest window or an Incognito
window, which is treated as a separate window-group.

~~~
MaxBarraclough
Too late to edit: I see now that only a Guest window gets its own window-
group. Incognito windows do not.

------
_bxg1
The good news is, unlike Windows, macOS has a fantastic default PDF viewer
("Preview") and I don't know why anyone would ever install Acrobat on it

~~~
mfer
Preview has issues with PDFs with form fields right now. It causes a bunch of
people to need to install Acrobat for that use case. :(

~~~
jmondi
Installed Acrobat a few weeks ago for this use case specifically. I feel like
Preview used to be a lot better at editing fields, recently it has been a real
pain.

~~~
ggregoire
Are there not any alternatives to Adobe Acrobat Reader on macOS for editing
fields and other use cases listed in the other comments?

~~~
leejoramo
Apple's Preview does a pretty good job with generic pdf forms. Unfortunately,
Adobe has created multiple types of pdf forms using different technologies and
very complex specs. Apple does not support all of these. (You can also find
many cases of PDF forms using Adobe tools that do not round trip between
platforms).

PDF Expert does a good job of filling in the gaps.

[https://pdfexpert.com](https://pdfexpert.com)

~~~
rspeed
Not just complex specs. Some of them are proprietary.

------
pjc50
At this point Adobe have to be responsible for some overwhelming fraction of
all desktop exploits. There's _always_ bugs in PDF readers. Not to mention
their history of Flash (admittedly bought in rather than written)

~~~
nine_k
Even if a PDF viewer is full of security holes like a colander, I don't see
why this should lead to gaining _root_ access.

Why on Earth should Acrobat have any part even running as root? This design
seems defective.

~~~
saagarjha
Updater.

~~~
zamalek
And this "inventing your own launcher/updater" fetish that seems to be
pervading software. There is a corollary to Zawinski's law here: every piece
of software eventually installs yet another shitty updater alongside itself.

Fuck the perfectly functional updater built in the Mac store.

~~~
coldpie
Yeah, for all the complaining we do about the various app stores, shitty devs
like Adobe really forced the platform vendors' hands on this. Users and devs
can't be trusted with that capability, the platform vendor needs to be the
adult in the room.

~~~
vageli
> Yeah, for all the complaining we do about the various app stores, shitty
> devs like Adobe really forced the platform vendors' hands on this. Users and
> devs can't be trusted with that capability, the platform vendor needs to be
> the adult in the room.

It doesn't even have to be like this though. Why not a simple notification
directing me to the download? I guess reduced friction but is that really it?

~~~
chii
if done well, an updater is fine. See chrome/firefox's updaters.

~~~
zamalek
Those updaters do work great, probably because (at least on Windows) they
circumvent elevation by not requiring it.

The problem is that, if every app decides to use its own updater, there's a
good chance that your internet line could get saturated when everything
decides to update at once (especially when this awful PDF reader is _180MB_ ).
A system-wide updater avoids this issue.

------
nneonneo
Adobe patched this to prevent symlinks but apparently didn’t bother to add any
sandboxing to their root helper tool. Logically this means that any future
bugs in this tool will result in the same level of exploitability.

Nowadays self-updating software, from the user perspective, can be as easy as
using Touch ID, so why Adobe and other companies are still messing around with
complex, insecure and fragile autoupdate permission bypasses is beyond me.

~~~
monadic2
The idea that any pdf reader, or indeed any aspect of itself, might require to
run as root is ridiculous. We’ve had drag and drop install the entire history
of adobe-on-mac os x. What is taking them so long?

------
jbverschoor
When will I be finally able to use adobe malware through the AppStore, fully
sandboxed?

That 15% recurring is not too much to spend to have a secure system without
all the malware adobe installs on your laptop. Disgusting company.

------
numbsafari
It's amazing how the software industry has managed to insulate itself from any
kind of serious liability when it comes to the dumpster fire that is security
and privacy.

Could you imagine if other engineering disciplines had the kind of liability
protection that software companies do?

~~~
aduitsis
Faulty avionics software leading to an airplane crash will get all due
liability. Faulty pdf readers leading to a pc getting taken over, doubtful.

~~~
numbsafari
PC takeovers leading to millions of people being victims of identity theft, or
used as a backdoor for national security relevant hacking efforts... We need
to stop acting like these things are “insignificant” and accept responsibility
for our actions.

------
CivBase
Why does _anyone_ install a dedicated app for _reading_ PDFs?

Edge, Chrome, and Firefox all have built-in PDF readers. macOS's built-in
Preview app can read PDFs. Just counting those four solutions, most users
already have at least two PDF readers on their computer without installing
Acrobat, Nitro, Foxit, or whatever.

 _Stop installing dedicated apps for reading PDFs! They are bloatware meant to
encourage users to buy PDF editors which most will never need!_

~~~
superhuzza
I use Okular because I like being able to:

- Highlight
- Leave expandable comments
- See the page thumbnails
- Have access to area select/table select
- Configure my pdf reader quite a bit

I spend a lot of time reading .pdfs because I'm in grad school right now.
Using Okular is way more convenient than trying to use browsers. This is not a
strange use case at all, many people who frequently read .pdfs have the same
needs.

And it's clearly not trying to sell me on a pdf editor, because it's not
related to a paid editor. Or at least I'm not aware of it, either way is fine
by me.

~~~
Terretta
Those are all cool, and for those plus more, I prefer the relatively obscure
LiquidText for annotation:

[https://www.liquidtext.net/liquidtextadeeperdive](https://www.liquidtext.net/liquidtextadeeperdive)

(To a sibling comment, just stop using MacOS: it's not a rule, but the
usability and craftsmanship sensibilities that create software like LiquidText
tend to cluster with the usability and craftsmanship sensibilities that
appreciate MacOS.)

~~~
codethief
> [https://www.liquidtext.net/liquidtextadeeperdive](https://www.liquidtext.net/liquidtextadeeperdive)

I was really hoping to find a good application for reading & annotating PDFs
on Linux behind this link.

:(

~~~
superhuzza
Give okular a try!

------
tech234a
I tend to use Adobe's little-known Acrobat Customization Wizard DC for
Windows[1] to disable some of the unnecessary features in Adobe Reader. It is
free and does not require a license, nor does the enterprise installer for
Adobe Reader require a license. Features I disable include the online
subscription services (actually a checkbox labelled "Disable Upsell"), cloud
storage integrations, and Adobe sign-in. I enable Protected View for documents
from "potentially unsafe locations" (basically downloads/emails). You can also
disable automatic updates, though I tend not to. These changes make the UI far
less cluttered. I suspect that these changes also improve speed, security and
privacy, though I have not done any particular testing to confirm that.

Basically you use it by uninstalling any existing Adobe Reader installations,
installing the customization wizard and then downloading the enterprise
installer for Adobe Reader[2] and extracting it with 7-Zip[3] (or the commands
Adobe provides in the documentation). Then, you open the msp file in the
wizard and customize your options. Finally, you save the changes and run
setup.exe in the directory of extracted files. Once you're done, you can
uninstall the customization wizard.

There is also a version of the wizard for macOS[4], but it seems to be far
more limited in terms of what can be configured through the UI, and most of
the configuration has to be done by manually editing plist files.

[1]: [https://www.adobe.com/devnet-docs/acrobatetk/tools/Wizard/index.html](https://www.adobe.com/devnet-docs/acrobatetk/tools/Wizard/index.html)
[2]: [https://get.adobe.com/reader/enterprise/](https://get.adobe.com/reader/enterprise/)
[3]: [https://www.7-zip.org/](https://www.7-zip.org/)
[4]: [https://www.adobe.com/devnet-docs/acrobatetk/tools/AdminGuide_Mac/predeployment_configuration.html](https://www.adobe.com/devnet-docs/acrobatetk/tools/AdminGuide_Mac/predeployment_configuration.html)

------
jrochkind1
> Today, Adobe Acrobat Reader DC for macOS patched three critical
> vulnerabilities

If you have a mac, you might want to know what version of Adobe Acrobat Reader
DC is necessary to have the patches.

The OP doesn't appear to say? The CVE's referenced (which ordinarily would say
the patched version I think) all still appear to be protected/private, at the
point I write this.

[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9615](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9615)

[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9614](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9614)

[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9613](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9613)

My Mac does have "Adobe Acrobat Reader DC" on it. [btw, when did "DC" become
part of the name and what does it mean?] If I open it up and choose "Check for
Updates" from the "Help" menu, it does say "Adobe Acrobat Reader is already up
to date." I'm not sure exactly when/how it would have been updated though.

Under "About Acrobat Reader DC", it claims to be version `2020.009.2063`. It
does not include a release date with the version.

Am I up to date and protected? How would I know?

------
elliekelly
And once you install anything Adobe on your mac it's basically impossible to
completely remove it.

~~~
sandymcmurray
I rely on AppZapper for this. One-click delete of apps and all related files.
[https://www.appzapper.com/](https://www.appzapper.com/)

~~~
elliekelly
Has anyone had success using this with Adobe? I once had to install some
Creative Cloud apps for a short-term project so I ran tree on the root
directory as superuser before and immediately after installing and then used a
diff checker so I’d know exactly what they put on my machine.

It took forever. When I was done with the project I “uninstalled” everything
and then deleted every single file and folder from the list _and_ manually
poked around to see if there was anything lurking that I might have missed. I
thought for sure I’d won.

About a week later I got a notification that Adobe Creative Cloud was
requesting keychain access.

I’m convinced it’s un-uninstallable.
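
The before/after snapshot approach described in the comment above, as an added example that is not part of the original thread: it records every file under a root, diffs two snapshots, and reports which installer-added files survive an uninstall, flagging macOS launchd and privileged-helper locations. The demo tree and the `com.example.*` names are constructed placeholders, not Adobe's actual files.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

# macOS locations where launchd jobs and privileged helpers persist
# (relative to / or to a home directory).
PERSISTENCE_DIRS = ("Library/LaunchAgents", "Library/LaunchDaemons",
                    "Library/PrivilegedHelperTools")


def _fingerprint(path, st):
    """Symlink target, or SHA-256 of the file contents."""
    if stat.S_ISLNK(st.st_mode):
        return "link:" + os.readlink(path)
    digest = hashlib.sha256()
    try:
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                digest.update(chunk)
    except OSError:
        return "unreadable"
    return digest.hexdigest()


def snapshot(root):
    """Return {relative path: (mode, uid, fingerprint)} without following symlinks."""
    snap = {}
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        links = [d for d in dirnames if os.path.islink(os.path.join(dirpath, d))]
        for name in filenames + links:
            full = os.path.join(dirpath, name)
            try:
                st = os.lstat(full)
            except OSError:
                continue  # vanished or unreadable while walking
            if stat.S_ISREG(st.st_mode) or stat.S_ISLNK(st.st_mode):
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                snap[rel] = (st.st_mode, st.st_uid, _fingerprint(full, st))
    return snap


def diff(before, after):
    """Return (added, removed, changed) path lists between two snapshots."""
    added = sorted(after.keys() - before.keys())
    removed = sorted(before.keys() - after.keys())
    changed = sorted(p for p in before.keys() & after.keys() if before[p] != after[p])
    return added, removed, changed


def reasons(path, entry):
    """Why a file deserves a closer look: persistence location or elevated rights."""
    mode, uid, _ = entry
    why = []
    if any(f"/{d}/" in "/" + path for d in PERSISTENCE_DIRS):
        why.append("launchd/helper location")
    if mode & stat.S_ISUID:
        why.append("setuid")
    if uid == 0 and stat.S_ISREG(mode) and mode & 0o111:
        why.append("root-owned executable")
    return why


def leftovers(installed_paths, current):
    """Paths the installer added that still exist after 'uninstalling'."""
    return [(p, reasons(p, current[p])) for p in installed_paths if p in current]


def demo():
    """Constructed tree standing in for '/': install, 'uninstall', then audit."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "Applications/Preview.app").mkdir(parents=True)
        (root / "Applications/Preview.app/Preview").write_text("builtin")
        before = snapshot(root)

        # Constructed "installer" payload; com.example.* names are placeholders.
        app = root / "Applications/Example Reader.app"
        plist = root / "Library/LaunchDaemons/com.example.updater.plist"
        helper = root / "Library/PrivilegedHelperTools/com.example.updater.helper"
        for f in (app / "reader", plist, helper):
            f.parent.mkdir(parents=True, exist_ok=True)
            f.write_text("payload")
        helper.chmod(0o755)
        added, _, _ = diff(before, snapshot(root))

        # Constructed "uninstaller": removes the app and helper, not the launchd job.
        (app / "reader").unlink()
        helper.unlink()
        return added, leftovers(added, snapshot(root))


if __name__ == "__main__":
    added, remaining = demo()
    print("added by install:", *added, sep="\n  ")
    print("still present after uninstall:", *remaining, sep="\n  ")
```

On a real machine, `snapshot("/")` needs root to read every directory, and a leftover launchd plist is the kind of file that can bring a background process back after its app bundle is gone.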

------
heavyset_go
Why does a PDF reader need a non-sandboxed daemon to escalate privileges?

~~~
tinus_hn
Because the people who wrote this are lazy and don’t know what they are doing.
They should not be writing this kind of software.

~~~
empath75
probably more that reader is a big pile of legacy code that is decades old.

~~~
tinus_hn
Mac OS X is not decades old so neither is this platform specific upgrade
mechanism.

~~~
varikin
You're right, it's only 19 years old. But it might have a cross platform C++
library for parsing PDFs that is even older that was used on OS 9 and other
platforms.

~~~
tinus_hn
So? The issues in this article are in the update mechanism, not the PDF
handling.

------
sersi
And this is why when AWS gave me the PCI AOC in a format that only works with
adobe acrobat reader, I created a VM and installed it there.

------
olyjohn
Business as usual with Acrobat Reader. There are so many PDF alternatives out
there, I don't see why so many people keep using it. I understand that there
are some Adobe-specific extensions that won't work in other viewers, but
typically those are use-cases for things that should not be done via PDF.

~~~
dylan604
Please list for me the alternatives that are so ubiquitous as PDF that I can
send someone a copy of a document that they cannot modify while still being
able to read/print/etc, and is not a pure image format that is multiple MBs in
size.

~~~
saagarjha
> they cannot modify

Except Acrobat lets you modify PDFs. If you're trying to send someone
something that they cannot usefully modify, you're kind of doomed from the
start.

~~~
reaperducer
_Except Acrobat lets you modify PDFs. If you're trying to send someone
something that they cannot usefully modify, you're kind of doomed from the
start._

Acrobat won't let the Average Joe modify a password-protected PDF. Neither
will Preview. There are ways around it, but for 95% of the people receiving a
PDF, it's as good as locked.

~~~
2ion
That's why these "read-only" PDF are laughable. Just sign your PDFs (there is
full support, no excuses possible) to create an authoritative/accurate
version.

------
greggman3
I think I kind of wish there were fines for this kind of issue. I know all
software has bugs and I certainly wouldn't want to be on the hook for my free
software but I don't charge for free software.

IANAL but it seems like for many non-software products there would be legal
repercussions if they caused damage or had other issues. Is there any
reasonable way to apply or morph those kinds of laws to software? Ideally it
seems like it would be nice if the incentives changed so running all these
services in the background is too big a legal risk and they stop?

------
capital_guy
Of course there are. I checked the processes running on my macOS machine a few
days after installing creative cloud because it kept loading upon start, only
to find there are like 5 creative cloud processes constantly running in the
background. No clearly visible setting within the application to stop these or
keep it from running at launch either. This type of software design is
unacceptable imo

------
Ciantic
It starts to look like Mozilla's pdf.js is the most secure viewer, at least
it's using the browser's sandbox that is way more battle hardened than
anything Adobe can come up with.

~~~
heavyset_go
Is there sufficient sandboxing going on under the hood with Firefox? I wrap it
with firejail because I was under the impression that Firefox was lacking in
that regard.

~~~
bscphil
On Linux, as of Firefox 60, Firefox now uses Linux namespaces to isolate the
various processes it starts from the rest of the system, where supported.
[https://wiki.mozilla.org/Security/Sandbox#Linux](https://wiki.mozilla.org/Security/Sandbox#Linux)
This is the same approach taken by Chromium. I can't say anything for certain
about other operating systems, haven't really looked into it.

I suppose that doesn't answer the question of whether pdf.js specifically runs
inside one of the sandboxed processes, but it seems very likely that it does.

------
BaronVonSteuben
Maybe not helpful, but shout out to one of my famous apps, evince (default
gnome PDF viewer). really well polished app.

I use Xournal for editing PDFs. Would love if evince could do more than just
annotations.

------
bobbyz
Good thing the Canadian government has decided to only use Adobe's proprietary
pdf format (only openable by Acrobat btw) for all PDFs (lease agreements,
academic forms) hahaha!

~~~
rubatuga
Can you give an example? I've been using the PDFs in Preview without too many
problems

~~~
bobbyz
The official lease forms for Ontario are in proprietary pdf. The only way to
sign is to print, manually sign, and scan.

------
qwerty456127
The problem is there still are PDF forms many people need Adobe Acrobat Reader
for. I use Okular and SumatraPDF to read normal PDFs but there is a form I am
required by the state to fill regularly so I had to manually extract Adobe
Acrobat Reader from an old Ubuntu repository.

------
korginator
By my last count there were 36 separate sections in the Adobe acrobat reader
preferences, including a fair bit of internet and javascript related
preferences, and gems like "Security" and "Security (Enhanced)".

I've lost track of the services they have scattered around my Mac that are
running silently, doing things I can only hope are not malign.

Just today I was debating whether to move back fully to Preview or keep
Adobe's bloatware on my Mac, and I think this made the decision for me.

Given that Adobe has generously scattered a bunch of random stuff around my
Mac, could one expect something like AppCleaner to find and clean out all the
bits and pieces, or is that too much to ask?

------
myself248
Why would Acrobat be running as root in the first place?

~~~
sjburt
It’s a vuln in the auto-updater, which they need to plug all the vulns in the
reader...

~~~
cjbprime
Does the updater need to run as root, though? They could install a launchd
process running as the installing user who owns the /Applications folder. This
is what everything else does -- privileged helper daemons are not common.

------
indymike
It's kind of amazing that PDFs are still a thing after all of these years.
Also, the UI in Acrobat is one of the most creative (in a bad way) I've used
since Lotus Notes.

~~~
kfrzcode
Portable documents, easy support in the browser for reading. What's a good
open-standards, portable replacement for PDF, I'm curious?

~~~
jfkebwjsbx
HTML, unless you need printing accuracy, of course.

------
dilandau
I remember going blind to the "Update adobe reader" popups back in 2005 when I
was using Windows XP. I can't imagine it's gotten better in the past 15 years.

------
cemregr
I’ve been trying to delete every trace of creative cloud from my computer.
Despite scouring the file system and rm-rf everything I can find, it comes
back every restart

~~~
dddddaviddddd
Clean install your OS?

~~~
jfkebwjsbx
I am not sure why you are downvoted, since you are correct.

The only way to be sure is to start from scratch.

~~~
dddddaviddddd
Agreed, particularly if the software is persistent and the mechanism hasn't
been determined.

------
ogre_codes
This is one of those timeless headlines which could be from any given year over
the past 20 years. Perhaps substitute "Flash" for Acrobat Reader
intermittently.

------
cjbprime
Using PIDs to look up the calling process doesn't seem like a great idea given
the small PID space on macOS, I wonder if there could be a race there too.

~~~
saagarjha
Generally, code like this should be using the XPC audit token rather than the
PID for such authentication. Alas, Apple, in its infinite wisdom, has kept
this SPI private and undocumented but in a "if you care about security you
should be using this nudge nudge wink wink" state for many years.

------
kelvin0
Well if some malicious actor(s) would like to disseminate malware, the Adobe
suite would be one interesting vector of massive infection.

~~~
saagarjha
[https://duckduckgo.com/?q=adobe+acrobat+0+day+abused+in+the+...](https://duckduckgo.com/?q=adobe+acrobat+0+day+abused+in+the+wild)

------
dandare
Serious question: what is the reason for the existence of the PDF format
today?

From wikipedia: "to present documents, including text formatting and images,
in a manner independent of application software, hardware, and operating
systems."

I wish W3C would come up with container format for a HTML webpage that would
pack all assets and run in any standard browser.

~~~
jrochkind1
HTML was never designed to be "device independent", display pixel-perfect the
same everywhere regardless of user-agent.

PDF was, in relationship with _printing_.

I think this is clearly a quality people want (whether they "should" or not),
so it's unlikely they will stop using PDF unless there's another thing that
can provide that quality. I don't think HTML is the right avenue for it.

I would say the ePub format comes pretty close to what you are asking for
though, a container format for HTML webpage that would pack all assets and run
in... well, standards-based software from several different sources. I'm not
sure if browsers will actually display ePub or not? They presumably could
fairly easily if they had a desire to, since it's all standard html/web
technology. ePub is not W3C maintained though, I don't think.

[https://en.wikipedia.org/wiki/EPUB](https://en.wikipedia.org/wiki/EPUB)

It has moved in on PDF territory in some limited areas -- mainly ebooks of
course, the use-case it's focused on. I think this is because it turns out
"pixel perfect same everywhere" is a clear DOWNSIDE for ebooks, you want them
to be formatted properly for your device's screen size, not have the same page
size everywhere. So while PDFs were sometimes used for this, it works poorly
enough for the user that another solution was demanded. (and thankfully we got
an open standards one). Most uses of PDF still work "good enough" for most
users (certainly not all; there can be accessibility problems). Even if it's a
nightmare under the hood, PDFs generally work "good enough" for most
developers too (again not all). It's a lot of investment to reproduce to
replace, it would require popular use cases failing hard probably, with money
to be made from serving them better.

------
dependenttypes
I do not get why people use Adobe Acrobat to read pdfs. It is extremely slow,
bloated, eats up your memory, has more holes than Swiss cheese, it is non-
free, and probably has all sorts of telemetry on it. I use Sumatra on windows
and zathura on Linux (evince if I want to fill forms) and I have been pretty
happy with it.

------
juloo
Everyone is talking about Adobe but that's not the right question to me.

- Why the PDF reader has root rights? Apple should never have allowed this.
- How a programming error in a third party software can cause this? Seems like
a bug in macOS

If you can answer positively to the first question, burn your computer now.

------
29athrowaway
Flash was ubiquitous a few years ago. What happened? Of course, as browsers
added features, there was no longer a justification for Flash. But also:
security flaws.

Flash had many security issues and that was also a significant motivation for
its "deprecation".

But it did not have to be that way. Now, the same is happening with Adobe
Acrobat.

------
S_A_P
Why anyone would install acrobat on a mac is beyond me. The native PDF support
is plenty good and if there are adobe reader specific features I don't want
them anyway. I may not be the majority opinion here, but I try not to use the
format anyway if I don't need to.

~~~
riffic
Acrobat Reader DC on macOS is nearly 600 MB. wtf

------
dathinab
Why is self-updating software still a thing? It has been known to be a
potential high security risk for years.

I mean there are some special software where it still makes sense, but Adobe
software clearly doesn't belong into this category.

------
wintorez
Acrobat Reader is one of the most bloated softwares I've ever seen.

------
classified
Thank Jobs my Mac does not need Acrobat to display PDF. Besides, Acrobat has
become more of a malware virus than a PDF reader.

------
agustif
So should I uninstall Acrobat Reader from my mac or not?

I don't even use it that much, only for official stuff and such that requires
it

~~~
wadkar
Is that a rhetorical question?

I mean you can try to uninstall it. But apparently it comes back.

~~~
agustif
That's a great excuse to backup + full clean OS reinstall in my book

------
paulie_a
Why does anyone actually use adobe Acrobat reader? Antivirus should outright
flag it as malware at this point.

------
fortran77
Why is this problem avoided on Windows? Is there something about MacOS
security model?

~~~
saagarjha
No, it's just that the updater code on Windows is architected differently.

------
dontbenebby
Is there a simple way to check if this exploit has been used on a system?

------
pyuser583
Adobe has been marketing pdfs on their security. Ironic.

------
jiveturkey
I wonder why Mac OS continue to allow this. They should have learned from zoom
to disallow this kind of updating altogether. I suppose they are reluctant to
drop the hammer on Chrome.

~~~
xoa
macOS is not iOS, and at least for the time being _can't_ be iOS either even
if Apple wanted it to be because there is no crypto signed hardware chain
stack on all supported Macs. Users can still modify essentially all aspects of
the system if they want to (though Apple has made it more and more work for
system stuff), and in turn allow software to do so as well. There is also
plenty of legacy software that a lot of customers care a great deal about.

So it'd be immensely difficult to try to retrofit the kind of system that
would be needed to give users more control over this sort of thing, and
impossible/very heavy to do so in a way that wouldn't break a lot of stuff
without developers updating. It's a genuinely tough nut to crack and involves
some trade offs. Apple's chosen decent-in-principle solution is to harden the
base default system pretty heavily and have a curated ecosystem (the MAS) that
they nudge users into by default, and where they can flat out ban this kind of
thing. Ideally users who opted for other channels would know what they were
doing.

The big problem is that the MAS fucking sucks in a ton of unforced ways (like
no update pricing system), and is also far too limited in many others (from
non-Apple source options to single safety levels). So in turn a vastly higher
percentage of users than would be ideal are forced to turn elsewhere for a lot
of quality software even from small indy players. The many bad parts relieves
pressure on lazy/bad developers to deal with parts that would be genuinely
good. That's life with Apple sometimes though. They're bad at multitasking.

~~~
saagarjha
Also note that Apple has "promised" to keep this door open on macOS, unlike
iOS, although they may raise the number or annoyance of the steps required to
get to this state.

------
oneplane
But then what? You have local admin, but still no SIP bypass as far as I know.
If there is an exploit for that you do of course have the option to chain that
in there as well.

------
vernie
Imagine using Acrobat Reader on macOS...

~~~
bberenberg
What is your alternative of choice? As someone who has to fill out forms all
the time, theirs is still the most reliable in my experience.

~~~
travmatt
You can't fill out forms with preview?

~~~
mratzloff
Form editing is really poor in Preview.

~~~
crazygringo
Curious why you think so?

I've encountered PDF's that simply don't work in Preview by design -- as far
as I've been able to figure out, Preview won't run JavaScript embedded in
PDF's for instance.

But all my experiences with filling out forms, marking up annotations, and all
that jazz has been totally on par with Acrobat Reader. The same tools are
present and all seem to work generally the same way.

What specifically have you run into that is poor in Preview?

------
tomc1985
Another day, another Adobe update

------
Koshkin
> _flaw_

But, but: how is it even possible for a user-mode application to break the OS
security? It must be due to a flaw in the OS, right?

~~~
saagarjha
If you consider the ability to install code as root as a flaw in the OS, which
is the security model of some platforms such as iOS.

~~~
Koshkin
Installing code as root does not necessarily mean granting root privileges to
said code. (Even _running_ an application under the root account shouldn't
require or imply that. For example, if I use a text editor as root, I still do
not want it to be able to reformat the hard drive.)

~~~
saagarjha
The code doing the installation as root does have root privileges.

------
waynesonfire
i run foxit in sandboxie

------
thatiscool
is it security flaw or backdoor?

------
chrischen
Honestly I think this pales in comparison to the news of rampant security
flaws in iOS:
[https://news.ycombinator.com/item?id=23182862](https://news.ycombinator.com/item?id=23182862)

~~~
kstrauser
Can we agree that _all_ of these need to be addressed, and that it's OK to be
disappointed by both stories?

~~~
chrischen
Yes, if we can also agree that _all lives matter_.

~~~
kstrauser
Has anyone at all said otherwise?

------
flowerlad
Installing decades-old C++ programs on your computer is an invitation for
hackers to take over your computer. That includes Acrobat and Microsoft
Office.

Getting you to open PDFs and Office files is one of the primary ways in which
your computer is taken over by hackers. They may send you an attachment or a
link by email.

~~~
_bxg1
A big part of it is the fact that both of those formats, while nominally
"documents", have the ability to execute arbitrary macro code upon opening

~~~
kevin_thibedeau
The sad thing is that PDF was designed to be safe by removing all dynamic
features of PostScript. Office docs on the other hand don't run macros by
default and are safer today than in the distant past.

