Update: According to IT security types, certain versions of Internet Explorer are also vulnerable. They include:
- IE6, Adobe Reader 7 on XP SP1
- IE6, Adobe Reader 4 on XP SP2
I just received a very alarming alert from my daughter who works in IT security. According to a couple of posts that she forwarded to me, the long-trusted PDF document format can now be exploited for cross-site scripting purposes, meaning that any web site hosting PDF files can be used for perpetrating cyber attacks.
According to this CBC News article, which cites research from Symantec and VeriSign, virtually any website hosting PDF files is vulnerable to attack. The outcomes could range from covert spying on surfers to the creation and spread of dangerous worms.
This article from Symantec describes the exploit in more detail and outlines ways to protect yourself, including upgrading to Acrobat Reader 8.0 or disabling the plug-in entirely. Don't miss it!