Adobe, Foxit Probe New No-Bug-Needed PDF Attack

Kara Reeder

Computerworld reports that Adobe and Foxit Software are looking into attacks that use a new tactic that embeds attack code in modified PDF documents.

 

Attacks on PDF readers are nothing new. However, Belgium security researcher Didier Stevens has demonstrated an attack that does not require an underlying vulnerability in either program to hijack a machine; attackers need only to trick users into opening the PDF document.

 

Stevens says Abobe can't patch this:

Patching Adobe Reader isn't possible ... [as] I'm not exploiting a vulnerability, just being creative with the PDF language specs.

Adobe has not committed to making a change in its Reader, but Foxit says it will issue an updated Reader tomorrow, although it has not offered specifics about what it would do.



Add Comment      Leave a comment on this blog post

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


 

Resource centers

Business Intelligence

Business performance information for strategic and operational decision-making

SOA

SOA uses interoperable services grouped around business processes to ease data integration

Data Warehousing

Data warehousing helps companies make sense of their operational data