Security Threat – Flaw found in Adobe Acrobat PDF
Computer security researchers said Wednesday they have discovered a vulnerability in Adobe Systems Inc.’s ubiquitous Acrobat Reader software that allows cyber-intruders to attack personal computers through trusted Web links. Virtually any Web site hosting Portable Document Format, or PDF, files are vulnerable to attack, according to researchers from Symantec Corp. and VeriSign Inc.’s iDefense Intelligence.
The attacks could range from stealing cookies that track a user’s Web browsing history to the creation of harmful worms, the researchers said. Dunham gave this hypothetical scenario: an attacker finds a PDF file on a banking Web site. The attacker creates a hostile Web site that links to the bank’s PDF file. Included is malicious JavaScript code that will run on the unsuspecting user’s computer once the link is clicked. “PDF is trusted and tried and true _ everyone uses it,” Dunham said. “But instead of just viewing the file, you’ve initiated script that shouldn’t be executed. All you have to do is click on the PDF and the ball starts rolling.”
Comments are closed.