Security Flaw In Reader Plug-in Exposes To AttacksReader browser plug-in of Adobe system contains a considerable flaw that attackers can exploit to obtain control of users' computers running Opera and Firefox browsers, reported Symantec on January 3, 2007. Stefano Di Paola and Giorgio Fedon first highlighted the problem. The pair of researchers in the last week of December 2006 presented a paper in Berlin discussing security issues involving Web 2.0 technologies such as AJAX (Asynchronous JavaScript and Extensible Markup Language). Cyber crooks can take advantage of the error in Adobe's Web browser plug-in by opting simultaneously the address of the Web site that hosts an Adobe PDF file, to launch attacks, said Symantec and VeriSign iDefense. The attacker could create apparently trusted links and add malicious JavaScript code that would install itself when a user clicks on the link, they said. The manner in which the plug-in handles URL parameters known as "Open Parameters" causes the vulnerability. Using Open Parameters in Adobe Reader, a software maker can specify exactly what and how to display a document. Di Paola and Fedon further said in their research paper that the attack that exploits the flaw called universal cross-site scripting uses a problem in the browser instead of flaw within a Web site. In a scripting attack launched across sites unintentional execution of the code takes place within a string of queries that a particular URL may have. When recipients click on the URL that might be included in the e-mail they receive, they would be led to the specifically crafted web page of a site. If they submit their personal information on a form in the page, that will be transmitted to the remote attacker and the victims will never know that the attacker tampered with the site. Considering the nature of the problem that the Reader plug-in is encountering at the moment, the two researchers Di Paola & Fedon cautioned, Web 2.0 applications for instance Google Inc.'s Gmail and Google maps, those that employ AJAX, need to tighten their security within Web browsers. If this is not ensured, hackers can turn such applications featuring a wide spectrum of functions into weapons, they wrote. Related article: Securities Push Up A Must For Web Companies » SPAMfighter News - 1/8/2007 |    |
Dear Reader
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!
 |  |
