[pdftex] [tex-live] PDF 1.5 by default in TL 2010
James Quirk
jjq at galcit.caltech.edu
Wed Jan 13 17:27:12 CET 2010
On Wed, 13 Jan 2010, Philip TAYLOR wrote:
>
>
> James Quirk wrote:
>
> > Don't forget there's always the security angle to consider,
> > as older versions of AR/AA have buffer flow problems that can be
> > exploited by malicious PDFs. Therefore if you're going to stick
> > with AR5/6/7/8, be aware of the risks involved.
>
> which is not to suggest that V9 of AA/AR is any
> more secure : see http://blogs.adobe.com/asset/2009/12/
> for pertinent details.
Indeed, as soon as one vulnerability is plugged another is exposed.
However Adobe are inching forward with extra layers of security, such as
black-listing of individual JavaScript functions, see
http://kb2.adobe.com/cps/504/cpsid_50431.html, and so for most users it
does make sense to swim with the security-flow. Although as Dumas
once observed -- all generalistions are dangerous, including this one.
Hence it is easy to pick holes in such statements.
James
>
> * Phil.
>
>
More information about the pdftex
mailing list