Adobe to patch bug for Reader

June 15th, 2013 by admin Leave a reply »

Adobe is planning to patch fairly low severity security vulnerability in all of the current versions of Reader and Acrobat that could enable an attacker to track which users have opened a certain PDF document. The vulnerability can’t be used for code execution, but researchers say it could be used as part of a larger attack.

The vulnerability was discovered and disclosed in late April by researchers at McAfee, who had been watching the behavior of some odd PDF samples in recent weeks. They noticed that all of the samples had a similar, weird characteristic, leading them to investigate and discover the vulnerability.

“Recently, we detected some unusual PDF samples. After some investigation, we successfully identified that the samples are exploiting an unpatched security issue in every version of Adobe Reader including the latest ‘sandboxed’ Reader XI (11.0.2). Although the issue is not a serious problem (such as allowing code execution), it does let people track the usage of a PDF. Specifically, it allows the sender to see when and where the PDF is opened,” Haifei Li of McAfee wrote.

“When a specific PDF JavaScript API is called with the first parameter having a UNC-located resource, Adobe Reader will access that UNC resource. However, this action is normally blocked and creates a warning dialog asking for permission…The danger is that if the second parameter is provided with a special value, it changes the API’s behavior. In this situation, if the UNC resource exists, we see the warning dialog. However, if the UNC resource does not exist, the warning dialog will not appear even though the TCP traffic has already gone.”

Adobe on Thursday acknowledged the issue and said that it wills vulnerability in its next scheduled Reader update on May 14.  Although neither McAfee nor Adobe consider the vulnerability to be serious, Li said that it could be used as one piece of a larger attack, as a method of gathering some intelligence on a target.

“Malicious senders could exploit this vulnerability to collect sensitive information such as IP address, Internet service provider, or even the victim’s computing routine. In addition, our analysis suggests that more information could be collected by calling various PDF JavaScript APIs. For example, the document’s location on the system could be obtained by calling the JavaScript “this.path” value,” Li wrote.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta

Leave a Reply