-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [email protected] wrote: > Juha-Matti Laurio made the following keystrokes: > >Is Mac Preview confirmed as affected too, in fact? > > > From what I can tell, it is not vulnerable. It does not > appear that the pdf view in Preview understands javascript. > > Note that it is all too easy to install AdobeReader on the > Mac though and wind up with that being the PDF viewer of choice. > The AdobeReader on the Mac IS vulnerable. > > --Gene
At a minimum, Preview **IS** vulnerable to the JBIG2 error. The milw0rm POC takes out Preview just as fast as it takes out Acrobat Reader. That said, whether it can be exploited is an entirely different question that I do not have time to explore. Jon - -- Jon R. Kibler Chief Technical Officer Advanced Systems Engineering Technology, Inc. Charleston, SC USA o: 843-849-8214 c: 843-224-2494 s: 843-564-4224 http://www.linkedin.com/in/jonrkibler My PGP Fingerprint is: BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkmjtywACgkQUVxQRc85QlPCowCeK+v0dobHhIhoeUSx44KSB+qt +oUAn3dIhdSaGSNfDKMGcrhEPRdm4ETI =G1jl -----END PGP SIGNATURE----- ================================================== Filtered by: TRUSTEM.COM's Email Filtering Service http://www.trustem.com/ No Spam. No Viruses. Just Good Clean Email.
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
