PDF files and Adobe Reader should be security priority for 2010, says Qualys


Warwick Ashford

The frequency and severity of security flaws in Adobe's Reader software make it a top priority for IT security managers in 2010, says security firm Qualys.

Adobe Reader is an attractive target for attackers because the free, cross-platform software has a large installed base and is widely used by businesses to access Portable Document Format (PDF) files.

Hackers are able to craft seemingly innocent PDF documents that contain everything necessary to exploit the victim's computer without needing to download anything.

According to SANS Internet Storm Center analyst Bojan Zdrnja, there is evidence of a high level of skill in recently analysed Adobe Reader exploit code.

"If we are to judge the new year by the sophistication the attackers have started using, it does not look too good," he wrote in a blog post.

Organisations need to come up with a plan for dealing with PDF file attacks in 2010 as a matter of urgency, said Wolfgang Kandek, chief technology officer at Qualys.

"No matter what the final decision is, it is essential to update to the latest software version or use an alternative PDF reader less scrutinised by attackers," he said.

Adobe has announced that it is to release patches for current vulnerabilities in Adobe Reader on 12 January to coincide with Microsoft's monthly Patch Tuesday security update.

The firm has released a separate security advisory on the steps system administrators can take to mitigate exploitation of the vulnerabilities in Adobe Reader until the patch is released.
