Researchers warn of flaw in Adobe PDF software
Last Updated: Thursday, January 4, 2007 | 9:11 AM ET
The Associated Press
Computer security researchers said Wednesday they have discovered a vulnerability in Adobe Systems Inc.'s ubiquitous Acrobat Reader software that allows cyber-intruders to attack personal computers through trusted web links.
Virtually any website hosting portable document format, or PDF, files are vulnerable to attack, according to researchers from Symantec Corp. and VeriSign Inc.'s iDefense Intelligence.
The attacks could range from stealing cookies that track a user's Web browsing history, to the creation of harmful worms, the researchers said.
The flaw, first revealed at a hacker conference in Germany over the holidays, exists in a plug-in that enables Acrobat users to view PDF files within web browsers. By manipulating the web links to those documents, hackers and online thieves are able to commandeer the Acrobat software and run malicious code when users attempt to open the files, according to Ken Dunham, director of the rapid response team at VeriSign's iDefense Intelligence.
Dunham gave this hypothetical scenario: an attacker finds a PDF file on a banking website. The attacker creates a hostile website that links to the bank's PDF file. Included is malicious JavaScript code that will run on the unsuspecting user's computer once the link is clicked.
"PDF is trusted and tried and true — everyone uses it," Dunham said. "But instead of just viewing the file, you've initiated script that shouldn't be executed. All you have to do is click on the PDF and the ball starts rolling."
Representatives from Adobe did not return a call from the Associated Press on Wednesday night.
The flaw appears to target Microsoft Corp.'s Internet Explorer 6.0 browser and earlier versions, and Mozilla's Firefox browser, the researchers said. They recommended that users protect themselves by upgrading Internet Explorer or changing Firefox's user options so the browser does not use the Acrobat plug-in.
Researchers said it's unclear how pervasive or harmful any future attacks might be.
"Given that it is easy to exploit, I would expect that we will see this method used considerably in the coming days and weeks, until it is resolved," a Symantec researcher said in a posting on a company web log.
Share Tools
Top News Headlines
- SpaceX capsule nears space station for historic docking
- The privately bankrolled Dragon capsule approaches the International Space Station for a historic docking after sailing through a practice rendezvous the day before. more »
- Conservatives move again to have robocalls suits tossed
- The Conservative Party has filed a second motion to dismiss the robocalls lawsuits filed by the left-leaning Council of Canadians, calling council chairperson Maude Barlow a "virulent critic" of Prime Minister Stephen Harper who has "orchestrated" the litigation. more »
- Teens share bullying tales in confession booth
- Raw stories about bullying emerged when a video booth was set up inside a Quebec high school. more »
- Reclaiming the dead on Mt. Everest
- The difficulty, danger and expense of removing the bodies of climbers who died in Mount Everest's "death zone" mean most of the dead remain on the mountain as a stark reminder to other climbers of the risks. more »
Latest Technology & Science News Headlines
- Facebook unveils camera app for iPhone
- Facebook unveiled a photo-sharing application on Thursday that allows users to take pictures on their mobile device and post them directly to their Facebook accounts. more »
- Neil Armstrong grants rare interview to accountants organization
- Legendary astronaut Neil Armstrong, who was the first person to walk on the moon, has surprised the media establishment by granting a rare and comprehensive interview to an unexpected interviewer: the Certified Practicing Accountants of Australia. more »
- 'Safe' stem cell discovery unveiled in Calgary
- Scientists in Calgary say they have discovered a way to create stem cells by the millions more quickly and safely than ever before. more »
- Canadian Hurricane Centre predicts 9 to 15 storms in 2012
- The early arrival of a tropical storm off the U.S. east coast does not mean Eastern Canada should brace for a particularly active hurricane season, Canadian forecasters said Thursday. more »
Bob McDonald's Blog
Underground lab may solve cosmic mystery May. 18, 2012 4:22 PM A new astronomical observatory opened this week - one more than 2 kilometres below the ground in Sudbury, Ont. - that may finally answer the mystery of Dark Matter in the universe. SNOLAB will attempt to capture the elusive Dark Matter particles as they pass right through the Earth.
Quirks & Quarks
- May 26: Before the Lights Go Out May. 24, 2012 10:14 AM A new book, "Before the Lights Go Out: Conquering the Energy Crisis Before It Conquers Us", suggests that the unpredictable, unplanned, ad-hoc way our energy use developed in the past will shape our energy future.
Latest Features
- Reclaiming the dead on Mt. Everest
- Workers' EI history to affect claim under new rules
- New mom among dead in Aylmer triple stabbing
- Gatineau police to question suspect in multiple homicides
- Conservatives move again to have robocalls suits tossed
- Quebec faces mounting pressure amid student crisis
- Suspect arrested in decades old N.Y. missing boy case
- Teens share bullying tales in confession booth
- B.C. man fined $6,000 for feeding 'pot bears'
