Spread the Word

Site Feed



Powered by FeedBlitz

Subscribe with ...

  • Add this blog to my Technorati Favorites!
  • Subscribe in Bloglines
  • Subscribe in NewsGator Online
  • Subscribe in Rojo
  • Add Random 

Bytes (WebLens Blog) to Newsburst from CNET News.com
  • Add to Google
  • Add to My AOL
  • Subscribe in FeedLounge
  • Add to netvibes

Translate This Post

Burn a Feed

Ping the World

Thursday, January 04, 2007

IT Security Alert: Now PDFs Pose a Threat!

Update: According to IT security types, certain versions of Internet Explorer are also vulnerable. They include:

  • IE6, Adobe Reader 7 on XP SP1
  • IE6, Adobe Reader 4 on XP SP2

I just received a very alarming alert from my daughter who works in IT security. According to a couple of posts that she forwarded to me, the long-trusted PDF document format can now be exploited for cross-site scripting purposes, meaning that any web site hosting PDF files can be used for perpetrating cyber attacks.

According to this CBC News article, which cites research from Symantec and VeriSign, virtually any website hosting PDF files is vulnerable to attack. The outcomes could range from covert spying on surfers to the creation and spread of dangerous worms.

The intrusion is accomplished through Javascripted links to PDF documents, which could also be sent by email. They take advantage of a vulnerability in the Acrobat Reader to run malicious code when users attempt to open the linked file. The technique appears, for once, to target Firefox rather than IE.

This article from Symantec describes the exploit in more detail and outlines ways to protect yourself, including upgrading to Acrobat Reader 8.0 or disabling the plug-in entirely. Don't miss it!

7 comments:

Jon said...

According to the article, under certain circumstances it will work with different versions of IE. It didn't mention if it works with Windows XP SP2 or IE7

Pam said...

Hi Jon,

My daughter, who is in IT security, reports that she has read that the following are vulnerable:

Firefox

IE6, Adobe Reader 7 on XP SP1

IE6, Adobe Reader 4 on XP SP2

Hope this helps.

Anonymous said...

Thanks for the info, btw: your copyright is out of date(still 2006?).

Anonymous said...

thank you! for the information.
Also the IE7 has many problems
when users install on their computers. Microsoft updates don't have a good solution to fix it. After solve the problem the problem back in few days again. The IE7 has a beutiful style but it is a pain.

Anonymous said...

This is exactly why I switched to Firefox. Thanks for the tip though.

Pam said...

Thanks for the reminder on my copyright Milo. Fixed now, not that it really does much good.

Pam said...

Thanks for the info on IE7, Ruth. I've held off upgrading because of some of the things I've been hearing.