Adobe Reader under attack again

by Sky on Dec.17, 2009, under Debris, Security, Technology and geeky stuff

reader_icon_special Adobe Reader is one of the most oft-used programs in the world. (Probably next to MS Word and other word processors.) And we all think it’s safe because it just reads a document format and displays it.

To our surprise, we learned earlier this year that the Adobe Reader processes JavaScript that can be embedded in its PDF documents. Once again, here in December 2009, another vulnerability allows JavaScript can be exploited to turn a PDF into a malicious piece o’ stuff.

The fault won’t be fixed until mid-January 2010. Big companies have long turnaround on fixing software. Yes, they have to test to be sure everything still works after they make a fix – but meanwhile we can’t safely open PDF documents unless we have JavaScript turned off.

The attack vector is to send a poisoned PDF file to intended target individuals, purporting to be “From: a friend” and hoping that they’ll open the attached PDF thinking that it’s safe. Wrong again. You won’t be caught by this, will you?

More on this attack on DarkReading.com.

Tweet This Post

Related Articles

Can short URL sites and Twitter together be attack vectors? — On my site The Social Graph of Malware, I try to present current information (with appropriate background) on malware and attack vectors that use social...

The Exploitation of the Online Class — I have been kept more than busy. Super busy. Recently with the many online exploits that assault us on all fronts. I wonder how many...

On again, off again, the future of connectivity — That we will have mobile communication and memory and computing devices with us everywhere we go and that they'll be connected to the network and...

It’s the User, Stupid (It’s the Stupid User?) — In The Curious Case of the Invulnerable Browser, Roger Grimes of Infoworld writes about the recent CanSecWest 2009 PWN2OWN contest where hackers pitted their skills...

}

No comments for this entry yet...

Welcome!
I hope you'll enjoy this mix of topics stemming from my ongoing experiences in the world of online communication. Oh, and sometimes the inspiration comes from face-to-face communications too. Many are sparked by my work as Chief Technology Officer of The Dalai Lama Foundation.
Current Features —

Many Paths to Peace — Explore the many ways compassionate peacemakers are working to make this a better world. (Video interviews)

Traveling Geeks — The fun continues! The geeks traveled to London and Cambridge in July, and to Paris in December — and the conversation continues long after the trip has finished. Join us.

Facebook— Visit The Dalai Lama Foundation's fan page.

Categories!

Archives
- 2010
  - January (27)
  - February (5)
  - March (4)
- 2009
  - January (5)
  - February (3)
  - March (6)
  - April (15)
  - May (10)
  - June (17)
  - July (19)
  - August (6)
  - September (8)
  - October (7)
  - November (1)
  - December (9)
- 2008
  - January (4)
  - February (3)
  - March (2)
  - April (2)
  - May (6)
  - June (3)
  - July (6)
  - August (3)
  - September (3)
  - October (2)
  - November (3)
  - December (1)
- 2007
  - January (1)
  - February (7)
  - March (13)
  - April (4)
  - May (12)
  - June (2)
  - July (2)
  - August (6)
  - September (7)
  - October (3)
  - November (2)
  - December (1)
- 2006
  - January (3)
  - February (2)
  - March (1)
  - April (1)
  - June (3)
  - July (1)
  - August (4)
  - September (3)
  - October (17)
  - November (4)
  - December (4)
- 2005
  - March (1)
  - April (2)
  - July (1)
  - October (1)
  - December (1)
- 2004
  - January (1)
  - February (3)
  - May (1)
  - August (2)
  - September (1)
  - December (3)
- 2003
  - October (3)
  - November (2)
  - December (2)
Extras
- Register
- Lost your password?
Username

Password

Or login using an OpenID

Learn about OpenID

Sky’s Blog

Adobe Reader under attack again

Leave a Reply

Welcome!

Current Features —

Categories!

Archives

Extras

Looking for something?

Related sites