HOME     MENU     SEARCH     NEWSLETTER    
NEWS & INFORMATION FOR TECHNOLOGY PURCHASERS. UPDATED 8 MINUTES AGO.
You are here: Home / Hardware / Security Researcher Warns of PDFs
MOBILE FRAUD PREVENTION
Learn how to identify fraud coming from mobile web and apps
SIGN UP—IOVATION WEBINAR
Security Researcher Warns of Adobe PDFs
Security Researcher Warns of Adobe PDFs
By Barry Levine / NewsFactor Network Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
SEPTEMBER
21
2007
Adobe PDF documents might compromise your PC, according to a security researcher. Petko Petkov, a "creative hacker" who has previously found that Windows Media Player can harbor malicious files and that there's a critical bug in the way the Firefox browser works with QuickTime, is now reporting problems with PDFs.

Petkov said he has tested the issue with Windows XP Service Pack 2 and the latest Adobe Reader 8.1, but said that previous versions of Reader are also vulnerable.

For users, he is advising only one course of action at the moment. Users should not "open any PDF files (locally or remotely)," he wrote, adding that other PDF viewers besides Adobe Reader could also be affected.

Invisibly and Unwillingly

"Adobe Acrobat/Reader PDF documents can be used to compromise your Windows box," he wrote Thursday on his blog. "Completely!!! Invisibly and unwillingly!!! All it takes is to open a PDF document or stumble across a page which embeds one."

He described the issue as a high-risk vulnerability of critical importance, given PDF's popularity for business use. PDFs are frequently used to distribute press releases, contracts, designs, manuals, and other material that the creator does not want altered.

Petkov said that because of the importance of PDF as a format, and the fact that "it may take a while for Adobe to fix their closed source product," he would not be publishing any code until Adobe has issued an update. He has reported that Adobe has confirmed the issue.

Best Course of Action?

This would not be the first time that PDFs have been considered security risks, but some observers note that previous attacks were designed for specific versions, while the risk uncovered by Petkov might be for all PDFs. This could point to a serious underlying flaw in the format or the way readers work.

Some PDF users are saying they are not pleased about the lack of advice. "What am I supposed to do now when I turn up for work in the morning?" wrote one user named "fatman," who commented on Petkov's blog.

"What do I say to my users? Sorry guys. Don't open any PDFs for the foreseeable future until either Adobe patch (sic) their iffy product or PDP" -- meaning Petkov -- "decides graciously to at least give us some clues as to where the problem is."

The commenter suggested that it would have been better for Petkov to tell Adobe about the issue and then either keep it to himself or publish information so businesses reliant on PDFs could make an informed decision.

For instance, he asked, does this vulnerability mean "full compromise of systems where users run without admin privileges?" Petkov responded by posting a silent video that he said demonstrated the problem, although security expert Thor Larholm commented on Petkov's site that the video is a "little light on the details."

Read more on: PDF, Security, Adobe, Hacker, Windows
Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
TOP STORIES NOW
MAY INTEREST YOU
Mobile Fraud Trends and Impact Report Device intelligence uncovers hidden layers of risk in mobile transactions from both web browsers and mobile applications. Download this report to find out what iovation can tell you about mobile fraud—risks, insights and priorities. Click here to access the free report.
MORE IN HARDWARE
Product Information and Resources for Technology You Can Use To Boost Your Business
© Copyright 2015 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.