Option-Click AirPort Menu for Network Details
If you hold down the Option key while clicking the AirPort menu in Mac OS X 10.5 Leopard, you'll see not just the names of nearby Wi-Fi networks, but additional details about the selected network. Details include the MAC address of the network, the channel used by the base station, the signal strength (a negative number; the closer to zero it is, the stronger the signal), and the transmit rate in megabits per second showing actual network throughput. If you hover the cursor over the name of a network to which you're not connected, a little yellow pop-up shows the signal strength and type of encryption.
Written by
Adam C. Engst
Recent TidBITS Talk Discussions
- Alternatives to MobileMe for syncing calendars between iPad/Mac (1 message)
- Free anti-virus for the Mac (20 messages)
- iTunes 10 syncing iPod Touch 4.1 (2 messages)
- Thoughts about Ping (16 messages)
Published in TidBITS 1000.
Subscribe to our weekly email edition.
- Apple Acknowledges Guest Account Data Loss Bug
- Microsoft Extends Support for Office 2004
- In App Purchase Enables Free App Feature Unlocking
- Gmail Further Foolproofs Group Emailing
- Google Docs Adds Shared Folders for Easier Collaboration
- Find My (Wife's) iPhone
- Tracking Down Snow Leopard's Apple Events Bug
- iPod nano Delivers Static in Radio Interface and Features
- 1,000 Issues of TidBITS: It's All about Our Readers
- TidBITS Watchlist: Notable Software Updates through 19-Oct-09
- ExtraBITS for 19-Oct-09
- Hot Topics in TidBITS Talk for 19-Oct-09
Protect Yourself from Adobe Acrobat and Reader Vulnerabilities
by Rich Mogull 
On 13-Oct-09 Adobe released a major security update for multiple versions of its Adobe Acrobat and Adobe Reader products on Windows, Macs, and Linux platforms for flaws that could allow an attacker to take over vulnerable systems.
Due to Adobe's atrocious security record, I recommend that all Mac users not only immediately patch Adobe Reader and Acrobat, but make sure they set Apple's Preview as their default PDF reader. Unless you need to access PDF files with Adobe's digital rights management protection, or commonly encounter PDF files that it can't display properly, Preview is more than sufficient to meet your day-to-day PDF viewing needs.
Adobe Acrobat, a commercial product used to create PDF files, is harder to replace, but it's also far less commonly needed. Many Mac programs can generate PDF files directly, and Mac OS X has long had a Save as PDF command in the Print dialog, which enables you to turn anything you can print into a PDF. This likely won't meet the needs of marketing professionals, designers, or ebook publishers, but is sufficient for the average home user or office worker.
The latest vulnerabilities affect Adobe Reader 9.1.3 and Acrobat 9.1.3, Adobe Reader 8.1.6 and Acrobat 8.1.6 for Windows, Macintosh and Unix, and Adobe Reader 7.1.3 and Acrobat 7.1.3 for Windows and Macintosh. These vulnerabilities allow an attacker to take over your computer even if all you do is view a maliciously crafted PDF file. For Windows users, this vulnerability was being exploited in the wild before the patch was released (what we in the security field call a "zero day vulnerability").
We have no evidence that Mac users are currently being exploited, but we also don't know of any technical obstacle preventing attackers from targeting Macs. Even on Windows, an attacker has to get you to open a malicious file, and while this attack is in the wild, it's certainly not widespread. In other words, your risk as a Mac user right now is quite low, but it's still prudent to patch.
The vulnerabilities are fixed in Adobe Reader 9.2, 8.1.7, and 7.1.4, and in Adobe Acrobat Pro 9.2, 8.1.7, and 7.1.4. Though Adobe has updater programs, they fail sufficiently frequently that your best bet may be a manual download and update. Note that you will likely have to download and install each interim update in turn; the Acrobat 8.1.7 update, for instance, can install only on 8.1.6, not 8.1.5 or earlier.
This isn't the first time the wings have fallen off the Adobe security plane this year. According to a recent report by the SANS Institute, this is at least the third time in the past 7 months that Acrobat and Reader were affected by critical zero day vulnerabilities. While the exploits have targeted Windows users, the vulnerabilities were potentially equally exploitable on Macs.
According to Adobe's security page, the company has released nine critical updates, some patching multiple vulnerabilities, for Acrobat and Reader 9.x since February 2009. Adobe has struggled so much with patching that they have switched to a new quarterly patch schedule to help IT administrators keep their systems up to date with the latest security fixes.
With such a poor security record, and considering the PDF support built into Mac OS X for reading and creating documents, it makes little sense to use Reader as your default PDF viewer on a Mac, and Acrobat users should ask themselves if they need the program's extra features.
People who have switched over from Windows, in particular, often install and use Adobe Reader and Acrobat without realizing the native Mac software might already meet their needs. For example, a family member of mine who switched from Windows immediately installed Reader out of habit, not realizing she didn't need it to view most documents (and she has never found a PDF she couldn't view with Preview).
There are exceptions. Preview can't open protected PDF files, and it may not render all PDF documents properly. The PDF file format has become extremely complex over the years, including support for JavaScript, embedded Flash content, and other advanced options. Acrobat includes far more extensive controls and content capabilities than simply printing to PDF, especially if you need to manage image resolutions and formats. Of course, this complexity in Reader and Acrobat is where a lot of these security problems come from in the first place.
Adobe does recognize the risk these security issues create for their business. Earlier this year they launched a major security initiative to improve the quality of their code and their response process. This is a commendable move, but due to the complexity of software development these initiatives usually take years to manifest fully in released products.
Since there is no risk unless you open a malicious file with Reader or Acrobat, one of the best steps you can take to limit the chances of future issues (aside from staying up to date with patches) is to set Preview as your default reader. Not that Preview is perfect, but we have yet to see it face the same number of zero day vulnerabilities or exploits.
Changing your default PDF viewer is easy. Simply Control-click (or right-click) any PDF file and select Get Info. In the Open With section of the Get Info window, choose Preview from the pop-up menu, and click the Change All button.
Your risk of being exploited is so low as to be unmeasurable, but since Adobe products (Reader, Acrobat, and Flash) are currently one of the main sources of cross-platform vulnerabilities, it makes sense to keep them up to date, and use them only when you really need them.
Pear Note 2: More complete, understandable notes on your Mac.Typed notes are blended with recorded audio, video, and slides
to create notes that make more sense when you need them most.
Learn more at <http://www.usefulfruit.com/tb>!
Flash is abuse: it's the worst "video codec" among video codecs and the only other prevailent use is web page advertising. Because the developers are producers are lazy.
Everything Adobe has become boated, unstable and 'hack-prone". It was a genuinely sad day when Adobe purchased Macromedia.
I mean it when I say I am Microsoft-free (except Windows XP on my PC) and I am working very hard to make myself Adobe-free.
Like Microsoft, Adobe has gone lazy and their software applications have all turned into fat, sluggish, buggy bloatware that isn't great. Good yes, but not great
It doesn't seem wise to jump to the conclusion that Apple or any other vendor that supports PDF is immune from a particular flaw until it has been proven. Different software may be using similar underlying libraries (such as for image handling), may reimplement a flaw in a different way (to keep with a spec), or have a different flaw that's as yet undetected.
@Jeremy Reichman: This is a very good point. Though I think we can be fairly certain there will be "different flaws" - I doubt that Apple's engineers have perfected this or any other library to be totally un-exploitable.
========
I have been advised that I need to upgrade to Adobe Acrobat 8 Pro 8.1.7 for security reasons.
I had previously upgraded - painfully, step by step, to 8.1.5. I am trying - as you now direct - to upgrade first to 8.1.6 and then to 8.1.7, but I receive the following message:
--------
The patch has failed because the application has been modified since it was originally installed (for example, plug-ins may have been disabled).
Please go to the Adobe support website for more information regarding how to re-enable disabled components prior to installing the patch. Or, you can uninstall and reinstall the application, and then reinstall the patch.
Adobe Acrobat 8.1.6 (CPSID_49167) failed to install.
--------
I am not aware of any disabled components, nor of any reason I might have had to disable or modify Acrobat 8 Pro, nor do I know if I have any means of knowing where or what they were.
========
I originally installed 8.0.0 in 2006.
You may have to reinstall Acrobat entirely from scratch and apply the updates manually again, not that I wish such an onerous task on anyone.
Special thanks to digital.forest, our Web and mailing list host.
Unless otherwise noted, this article is copyright © 2009 Rich Mogull
TidBITS is copyright © 2010 TidBITS Publishing Inc.
Reuse governed by Creative Commons License.
About TidBITS | Account Help | Advertise with TidBITS! | Contact Info | Copyright Terms