Researchers warn of flaw in Adobe PDF software
Last Updated: Thursday, January 4, 2007 | 9:11 AM ET
The Associated Press
Computer security researchers said Wednesday they have discovered a vulnerability in Adobe Systems Inc.'s ubiquitous Acrobat Reader software that allows cyber-intruders to attack personal computers through trusted web links.
Virtually any website hosting portable document format, or PDF, files is vulnerable to attack, according to researchers from Symantec Corp. and VeriSign Inc.'s iDefense Intelligence.
The attacks could range from stealing cookies that track a user's Web browsing history to the creation of harmful worms, the researchers said.
The flaw, first revealed at a hacker conference in Germany over the holidays, exists in a plug-in that enables Acrobat users to view PDF files within web browsers. By manipulating the web links to those documents, hackers and online thieves are able to commandeer the Acrobat software and run malicious code when users attempt to open the files, according to Ken Dunham, director of the rapid response team at VeriSign's iDefense Intelligence.
Dunham gave this hypothetical scenario: an attacker finds a PDF file on a banking website. The attacker creates a hostile website that links to the bank's PDF file. Included is malicious JavaScript code that will run on the unsuspecting user's computer once the link is clicked.
"PDF is trusted and tried and true — everyone uses it," Dunham said. "But instead of just viewing the file, you've initiated script that shouldn't be executed. All you have to do is click on the PDF and the ball starts rolling."
Representatives from Adobe did not return a call from the Associated Press on Wednesday night.
The flaw appears to target Microsoft Corp.'s Internet Explorer 6.0 browser and earlier versions, and Mozilla's Firefox browser, the researchers said. They recommended that users protect themselves by upgrading Internet Explorer or changing Firefox's user options so the browser does not use the Acrobat plug-in.
Researchers said it's unclear how pervasive or harmful any future attacks might be.
"Given that it is easy to exploit, I would expect that we will see this method used considerably in the coming days and weeks, until it is resolved," a Symantec researcher said in a posting on a company web log.

