Adobe Reader under attack again
by Sky on Dec.17, 2009, under Debris, Security, Technology and geeky stuff
Adobe Reader is one of the most oft-used programs in the world. (Probably next to MS Word and other word processors.) And we all think it’s safe because it just reads a document format and displays it.
To our surprise, we learned earlier this year that the Adobe Reader processes JavaScript that can be embedded in its PDF documents. Once again, here in December 2009, another vulnerability allows JavaScript can be exploited to turn a PDF into a malicious piece o’ stuff.
The fault won’t be fixed until mid-January 2010. Big companies have long turnaround on fixing software. Yes, they have to test to be sure everything still works after they make a fix – but meanwhile we can’t safely open PDF documents unless we have JavaScript turned off.
The attack vector is to send a poisoned PDF file to intended target individuals, purporting to be “From: a friend” and hoping that they’ll open the attached PDF thinking that it’s safe. Wrong again. You won’t be caught by this, will you?
More on this attack on DarkReading.com.
No related posts.
}Leave a Reply
-
Welcome!
I hope you'll enjoy this mix of topics stemming from my ongoing experiences in the world of online communication. Oh, and sometimes the inspiration comes from face-to-face communications too. Many are sparked by my work as Chief Technology Officer of The Dalai Lama Foundation. Current Features —
CyberSpark.net — Cyber-defense for free speech and human rights onlineMany Paths to Peace — Explore the many ways compassionate peacemakers are working to make this a better world. (Video interviews)
Traveling Geeks — The fun continues! The geeks traveled to London and Cambridge in July, and to Paris in December — and the conversation continues long after the trip has finished. Join us.
