

PDFs can also be bad for you

Be careful out there.

A zero-day PDF vulnerability in Adobe’s Acrobat Reader has come to light that can lead to Windows boxes getting taken over completely and invisibly, according to a security researcher.

“All it takes is to open a [maliciously rigged] PDF document or stumble across a page which embeds one,” said researcher Petko D. Petkov, aka pdp, in a blog posting on Sept. 20.

[...]

Paul Henry, vice president of technology and evangelism at Secure Computing, based in San Jose, Calif., said in an interview with eWEEK that PDF vulnerabilities have a strong advantage when it comes to users being tempted into opening them, giving this vulnerability the potential to become a “huge” attack vector. “From a social engineering standpoint, it’s easier to attach a PDF to e-mail and assume [the target will] open it. If you’ve got a request to launch a video conversation from someone you never heard of, chances are you won’t do it. Or you won’t click on a video online if you don’t know where it’s from. But from a social engineering point of view, this is deeper.”

[...]

The scenario is that an attacker rigs a PDF file designed to exploit the flaw. He or she distributes it via e-mail or through other means, or hosts it on a Web page. When a user opens the rigged PDF file with a vulnerable application, the user’s machine can be loaded with malware that makes it open to a takeover.

[...]

“The ability to use PDFs to install malware and steal personal information from remote PCs is here,” he said in a statement. “Readers should be cautioned to only open PDF files from senders they explicitly trust.”

(Snippets from eWeek. Image from Adobe.)

Posted in exploit, software.



One Response


Continuing the Discussion

  1. a l e x f a l k e n b e r g » Blog Archive » Adobe puts out workaround for Acrobat exploit linked to this post on October 13, 2007

    [...] The exploit we’ve previously mentioned here only affects you if your setup matches the following: [...]


