PDF Files Vulnerable to Security Attack, Cautions Researcher

According to security researcher Julia Wolf with California based 'FireEye,' there is a new security flaw within the Adobe PDF file arrangement that reportedly exposes its documents to security assault.

Said the researcher that while the majority of organizations used PDF files as a standard way for documenting their data on computers as well as anywhere on the Web, the particular file format provided low security to data that could be easily altered on the basis of which browser or operating system was running.

She further stated, while at the Germany held 27th Chaos Computer Club seminar, that attackers could effortlessly manipulate certain PDF functions for waging assaults on targeted networks. 'In Audit' published this in news on January 4, 2011.

Citing one example, Ms. Wolf said that software within Acrobat Reader could be run via data networks having low security that could begin scanning a database within a specific network subsequent to the printing of PDF files utilizing the printer of that network.

Moreover, given that PDF files can combine Flash, video, and audio files along with JavaScript and other similar formats that are potentially less secured, it implies that these files can conceal programs and data rendering them as probable environments for assault.

Says the researcher, the situation can be further worsened since the majority of security applications aren't able to spot malicious software inside an Adobe PDF file, with over fifty percent of scanning engines actually failing in the particular detection process.

What's more, it is possible to read and modify every Adobe PDF metadata and document using the programming language - JavaScript.

Meanwhile, Microsoft too, lately, cautioned users that there was one security flaw within a few of its previous applications; however, it hadn't got any reports about the vulnerability getting exploited towards waging an attack.

Security specialists, while remarking about the latest PDF problem, stated that it had been prevailing since a while now though it wasn't actively addressed. However, fortunately, Adobe seemingly knew the shortcomings now following which it was considering establishing a memory function, which would let the execution of programs individually via safe mode.

Related article: PDF flaw gets fixed with Adobe patch

» SPAMfighter News - 1/17/2011