Acrobat issues security warning


Acrobat issues security warning

Cliff Saran

Adobe Acrobat and Adobe Reader have been affected by a major security issue, which can result in hackers gaining control of a user's PC or stealing confidential information.

Acrobat pdf files, which are widely available across the internet, have become the easiest way for companies to distribute electronic versions of their printed catalogues, technical documentation and company reports.

Acrobat is often installed when new PCs are first configured, and sites which use Acrobat files usually give users the opportunity to download the Reader software.

Users have been warned that a cross site scripting (XSS) vulnerability affecting multiple versions of Adobe Acrobat could enable an attacker to execute Javascript when a PDF document is opened.

The attack simply involves appending the URL for the PDF document with malicious Javascript code.

According to Websense Security Labs, an attacker could utilise this vulnerability for a wide variety of malicious actions, such as creating deceptive phishing attacks or propagating across social networking sites. An attacker could also attempt to access the local file system on the PC of an end-user who inadverantly clicks on the URL.

Users running Internet Explorer on Windows XP SP2 are unaffected. But Websense warned that Firefox users would need to upgrade to Acrobat 8.0 or higher.

Adobe's security bulletin

Comment on this article:

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy