Adobe announced a new vulnerability affecting Flash and Reader products. As per the report, this is being actively exploited in the wild.
Over the past year or so we started seeing more PDF reader based attacks and there have been numerous exploits during this time. A recent report published by f-secure confirms this.
Source: f-secure
Last year, some of the major Reader vulnerabilities included the JavaScript bugs, the JBIG2 compression algorithm vulnerabilities, and memory corruption vulnerabilities.
Back in March this year, Didier Stevens published another interesting attack, he discussed a POC relating to the /launch functionality in PDF files. More information is available here.
Back in March this year, Didier Stevens published another interesting attack, he discussed a POC relating to the /launch functionality in PDF files. More information is available here.
So, with Adobe PDF Reader having all these vulnerabilities, what are our options?
Online services like Google Docs can display pdf documents right in the web browser. The advantage of this method is that the pdf is not executed on the user's computer system which means that any exploits will have no effect.
Firefox has a plugin to open PDF documents in Google Docs, this plugin, GPDF can be found from the Mozilla repository.
No comments:
Post a Comment