Spread the Word

Site Feed

Powered by FeedBlitz

Subscribe with ...

  • Add this blog to my Technorati Favorites!
  • Subscribe in Bloglines
  • Subscribe in NewsGator Online
  • Subscribe in Rojo
  • Add Random 

Bytes (WebLens Blog) to Newsburst from CNET News.com
  • Add to Google
  • Add to My AOL
  • Subscribe in FeedLounge
  • Add to netvibes

Translate This Post

Burn a Feed

Ping the World

Thursday, January 04, 2007

IT Security Alert: Now PDFs Pose a Threat!

Update: According to IT security types, certain versions of Internet Explorer are also vulnerable. They include:

  • IE6, Adobe Reader 7 on XP SP1
  • IE6, Adobe Reader 4 on XP SP2

I just received a very alarming alert from my daughter who works in IT security. According to a couple of posts that she forwarded to me, the long-trusted PDF document format can now be exploited for cross-site scripting purposes, meaning that any web site hosting PDF files can be used for perpetrating cyber attacks.

According to this CBC News article, which cites research from Symantec and VeriSign, virtually any website hosting PDF files is vulnerable to attack. The outcomes could range from covert spying on surfers to the creation and spread of dangerous worms.

The intrusion is accomplished through Javascripted links to PDF documents, which could also be sent by email. They take advantage of a vulnerability in the Acrobat Reader to run malicious code when users attempt to open the linked file. The technique appears, for once, to target Firefox rather than IE.

This article from Symantec describes the exploit in more detail and outlines ways to protect yourself, including upgrading to Acrobat Reader 8.0 or disabling the plug-in entirely. Don't miss it!