PDF Security Flaws Reach An Unprecedented Level

In its recently published report, IBM states that cyber-criminals are employing maliciously crafted files in increasing instances to capitalize on vulnerable software, whereby an unprecedented number of attack codes are being aimed at security flaws that affect the PDF-reading software.

States the X-Force security report from IBM released in the middle of the year that the total number of disguised attack codes revealed during January-June 2009 have outnumbered those of 2008. Further, there have been numerous updates and patches for Adobe software, while malware continues to attack PDF applications.

Said James Randell, Senior Technology Specialist at IBM X-Force, an unexpectedly huge volume of attacks had occurred against computers that used purposefully 'malformed' documents via the exploitation of vulnerabilities within PDF-reading software. ITPro reported this on August 27, 2009.

Describing the attack as interesting, Randell said that it involved a document, which primarily got embedded into its executable machine-language script.

Moreover, as per the report, a considerable increase in attacks against web applications have occurred that sought to capture data as well as manipulate it via taking control over infected PCs.

The report further states that the total number of security flaws within software programs might have leveled off, suggesting an improvement in development quality by software vendors. According to it, a total of 3,240 new flaws have been detected during January-June 2009.

Said director of X-Force that the trends outlined in the report suggested that players on the Internet had eventually taken on to imbibe the Wild West's characteristics, where there was not a single person to be relied on. Accordingly, there was no longer anything as safe browsing, or the case of only the websites flagged as red light areas regarded as being responsible for malicious software. An apex was reached where each online site needed to be considered as suspicious, with every user being in danger, the director concluded.

Meanwhile, as per the IBM report, experts say that since there is a popular use of PDF files online, and users regularly exchange them for information sharing, it is obviously disturbing to have hackers who might exploit the flaws within this software.

Related article: PDF flaw gets fixed with Adobe patch

» SPAMfighter News - 9/12/2009