Acrobat issues security warning


Acrobat issues security warning

Cliff Saran

Adobe Acrobat and Adobe Reader have been affected by a major security issue, which can result in hackers gaining control of a user's PC or stealing confidential information.

Acrobat pdf files, which are widely available across the internet, have become the easiest way for companies to distribute electronic versions of their printed catalogues, technical documentation and company reports.

Acrobat is often installed when new PCs are first configured, and sites which use Acrobat files usually give users the opportunity to download the Reader software.

Users have been warned that a cross site scripting (XSS) vulnerability affecting multiple versions of Adobe Acrobat could enable an attacker to execute Javascript when a PDF document is opened.

The attack simply involves appending the URL for the PDF document with malicious Javascript code.

According to Websense Security Labs, an attacker could utilise this vulnerability for a wide variety of malicious actions, such as creating deceptive phishing attacks or propagating across social networking sites. An attacker could also attempt to access the local file system on the PC of an end-user who inadverantly clicks on the URL.

Users running Internet Explorer on Windows XP SP2 are unaffected. But Websense warned that Firefox users would need to upgrade to Acrobat 8.0 or higher.

Adobe's security bulletin

Comment on this article:

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

COMMENTS powered by Disqus  //  Commenting policy