NEWS /
|
Computer security researchers said Wednesday they have discovered a vulnerability in Adobe Systems Inc.'s ubiquitous Acrobat Reader software that allows cyber-intruders to attack personal computers through trusted Web links. Virtually any Web site hosting Portable Document Format, or PDF, files are vulnerable to attack, according to researchers from Symantec Corp. and VeriSign Inc.'s iDefense Intelligence. The attacks could range from stealing cookies that track a user's Web browsing history to the creation of harmful worms, the researchers said. The flaw, first revealed at a hacker conference in Germany over the holidays, exists in a plug-in that enables Acrobat users to view PDF files within Web browsers. By manipulating the Web links to those documents, hackers and online thieves are able to commandeer the Acrobat software and run malicious code when users attempt to open the files, according to Ken Dunham, director of the rapid response team at VeriSign's iDefense Intelligence. Dunham gave this hypothetical scenario: an attacker finds a PDF file on a banking Web site. The attacker creates a hostile Web site that links to the bank's PDF file. Included is malicious JavaScript code that will run on the unsuspecting user's computer once the link is clicked. ''PDF is trusted and tried and true — everyone uses it,'' Dunham said. ''But instead of just viewing the file, you've initiated script that shouldn't be executed. All you have to do is click on the PDF and the ball starts rolling.'' Representatives from Adobe did not return a call from The Associated Press on Wednesday night. The flaw appears to target Microsoft Corp.'s Internet Explorer 6.0 Web browser and earlier versions, and Mozilla's Firefox browser, the researchers said. They recommended that users protect themselves by upgrading Internet Explorer or changing Firefox's user options so the browser does not use the Acrobat plug-in. Researchers said it's unclear how pervasive or harmful any future attacks might be. ''Given that it is easy to exploit, I would expect that we will see this method used considerably in the coming days and weeks, until it is resolved,'' a Symantec researcher said in a posting on a company Web log. |
Tags: Adobe , Acrobat , PDF , VeriSign
Adobe releases new security update for Flash Player
Adobe updates Android Flash Player to 11.1, adds ICS support
Galaxy Nexus bug fix and Flash support coming this month
No Adobe Flash support for Android 4.0, yet
Adobe for Android gets an update
Adobe to get aggressive with HTML5, kill Flash for mobiles
Leaked Images, Availability, Pricing,
Specs, Pre-order
Karbonn officially launches the A9 Android smartphone
14 May, 2012, 06:14 PM IST
Supreme Court website hacked in response to TPB, Vimeo block
17 May, 2012, 04:46 PM IST
Sony Xperia P up for pre-order on Infibeam, launching on 25 May
19 May, 2012, 04:32 PM IST
Samsung Galaxy S III pops up on eBay India for Rs. 44,770
22 May, 2012, 11:19 AM IST
16 May, 2012, 11:57 AM IST
The latest "should they-shouldn't they" event with Facebook is the lift of the minimu...
Portable Wi-Fi Drives for your smartphone
Fed up of the limited storage on your mobile device? Here are some devices
Top 5 potential Gmail alternatives
Google’s Gmail service is arguably the most advanced and feature-packed...
Five ways to beat the petrol hike
Petrol prices went up by a considerable amount post Wednesday, and this...
By Karan Shah

SpaceX's Dragon capsule locks up to the ISS
26 May, 2012, 04:18 PM IST
In a moment that is nothing short of being historic, SpaceX’s Dragon capsule has, according to NASA reports ...
Microsoft VP talks about Ballmer's new tech - an 80-inch touchscreen
Cisco won't invest in their Android tablet for businesses
Yahoo! shuts down Livestand 6 months after launch
Giant radio telescope gets split location

Sony to roll-out ICS update next week,...
BlackBerry Curve 9320 announced in India...
Microsoft VP talks about Ballmer's...
Cisco won't invest in their Android...


















Mixx
Facebook
Twitter
Digg
delicious
reddit
MySpace
StumbleUpon
LinkedIn










































































_011517074205_160x90.jpg)















