CBCnews

Researchers warn of flaw in Adobe PDF software

Last Updated: Thursday, January 4, 2007 | 9:11 AM ET

Computer security researchers said Wednesday they have discovered a vulnerability in Adobe Systems Inc.'s ubiquitous Acrobat Reader software that allows cyber-intruders to attack personal computers through trusted web links.

Virtually any website hosting portable document format, or PDF, files is vulnerable to attack, according to researchers from Symantec Corp. and VeriSign Inc.'s iDefense Intelligence.

The attacks could range from stealing cookies that track a user's web browsing history to the creation of harmful worms, the researchers said.

The flaw, first revealed at a hacker conference in Germany over the holidays, exists in a plug-in that enables Acrobat users to view PDF files within web browsers. By manipulating the web links to those documents, hackers and online thieves are able to commandeer the Acrobat software and run malicious code when users attempt to open the files, according to Ken Dunham, director of the rapid response team at VeriSign's iDefense Intelligence.

Dunham gave this hypothetical scenario: an attacker finds a PDF file on a banking website. The attacker creates a hostile website that links to the bank's PDF file. Included is malicious JavaScript code that will run on the unsuspecting user's computer once the link is clicked.

"PDF is trusted and tried and true — everyone uses it," Dunham said. "But instead of just viewing the file, you've initiated script that shouldn't be executed. All you have to do is click on the PDF and the ball starts rolling."

Representatives from Adobe did not return a call from the Associated Press on Wednesday night.

The flaw appears to target Microsoft Corp.'s Internet Explorer 6.0 browser and earlier versions, and Mozilla's Firefox browser, the researchers said. They recommended that users protect themselves by upgrading Internet Explorer or changing Firefox's user options so the browser does not use the Acrobat plug-in.

Researchers said it's unclear how pervasive or harmful any future attacks might be.

"Given that it is easy to exploit, I would expect that we will see this method used considerably in the coming days and weeks, until it is resolved," a Symantec researcher said in a posting on a company web log.
