Adobe PDF flaw allows PC access, experts warn
Last Updated: Friday, January 5, 2007 | 11:19 AM ET
CBC News
A vulnerability in Adobe Systems Inc.'s Acrobat Reader software is more dangerous than originally thought, allowing cyber-intruders to access information on a user's hard drive, according to security experts.
Security officials warned Wednesday that a flaw in earlier versions of Acrobat Reader could allow online thieves and hackers to steal web-related information from users who posted portable document format — or PDF — files on their website.
But security experts on Thursday said the vulnerability could also affect a personal computer by linking directly to PDF files found on a victim's PC.
Acrobat's inclusion of sample PDFs in predictable places on the hard drive makes such files easier to find, warns Websense Security Labs.
"Because known PDF files are stored on the local computer, this vulnerability can be used to execute JavaScript in the context of the local user, granting access to the local file system," Websense Security Labs said in a release on Thursday.
Adobe issued its own advisory, encouraging customers using older versions of the software to upgrade to Acrobat Reader 8. The company will be offering patches early next week to users with systems unable to upgrade to the latest version.
The flaw is exploitable in all versions of Mozilla Firefox running versions of Acrobat Reader earlier than 8. It also appears to affect Microsoft's Internet Explorer running some but not all earlier versions of Reader.
The vulnerability, first discovered at a hacker conference in Germany over the holidays, takes advantage of a plug-in allowing JavaScript code appended to links to PDF files to run when the link is clicked.
Attackers could create a hostile website linking to another site's PDF. When the link is clicked, a malicious JavaScript program is also activated and runs on the system hosting the PDF.
If the host of the PDF is a website, it would allow the hacker to steal cookies and other web-related information from the site. Should the host of the PDF file be a personal computer, the malicious program would allow much greater access to personal information.
"Given that it is easy to exploit, I would expect that we will see this method used considerably in the coming days and weeks, until it is resolved," a researcher from Symantec Corp. said in a posting on the California-based company's web log.
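For site operators who want to check pages for the link pattern described above, the following added example (not code from CBC, Adobe or the researchers quoted) audits a list of links and flags those that point at a PDF with script appended, separating links to a remote site's PDF from links to a PDF on the local disk. It assumes the appended code rides in the URL fragment or query string; the host names and paths are constructed.

```javascript
// Flag links to PDF files that carry script after the file name.
// Assumption: the appended code sits in the fragment (#...) or query (?...).
const SCRIPT_MARKERS = /(?:javascript|vbscript):|<script/i;

// Percent-decode repeatedly so double-encoded payloads are still seen.
function fullyDecode(text) {
  let current = text;
  for (let round = 0; round < 3; round++) {
    let next;
    try { next = decodeURIComponent(current); } catch { break; } // malformed escape
    if (next === current) break;
    current = next;
  }
  // Browsers ignore tabs/newlines inside a scheme, so drop them before matching.
  return current.replace(/[\s\u0000-\u001f]/g, "");
}

function auditPdfLinks(hrefs, pageUrl) {
  const findings = [];
  for (const href of hrefs) {
    let url;
    try { url = new URL(href, pageUrl); } catch { continue; } // unparseable link
    if (!/\.pdf$/i.test(url.pathname)) continue;              // only PDF targets
    const appended = fullyDecode(url.hash + url.search);
    if (!SCRIPT_MARKERS.test(appended)) continue;
    // A file: target is the local-PDF case the article calls more serious.
    findings.push({ href, target: url.protocol === "file:" ? "local-file" : "remote-site" });
  }
  return findings;
}

// Constructed sample links; example.test and every path here are made up.
const SAMPLE_LINKS = [
  "https://docs.example.test/report.pdf",
  "files/guide.pdf#page=2",
  "https://docs.example.test/report.pdf#x=javascript:void(0)",
  "file:///C:/Program%20Files/Example/sample.pdf#x=java%09script:void(0)",
  "https://docs.example.test/report.pdf?x=javascript%253Avoid(0)",
  "https://docs.example.test/notes.html#javascript:void(0)",
];

console.log(auditPdfLinks(SAMPLE_LINKS, "https://news.example.test/"));
```

Ordinary viewer parameters such as `#page=2` are left alone, so the check can run over every outbound link on a page without flagging normal PDF links.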

