McAfee spots Adobe Reader PDF-tracking flaw
A flaw in Adobe Reader could allow an attacker to see when and where a PDF is opened.
IDG News Service - McAfee said it has found a vulnerability in Adobe Systems' Reader program that reveals when and where a PDF document is opened.
The issue is not a serious problem and does not allow for remote code execution, wrote McAfee's Haifei Li in a blog post. But McAfee does consider it a security problem and has notified Adobe. It affects every version of Adobe Reader, including the latest version, 11.0.2, Li wrote.
McAfee recently detected some "unusual" PDF samples, Li wrote. McAfee withheld some key details of the vulnerability, but did generally describe it.
Li suggests the problem could be used for reconnaissance by attackers.
"Some people might leverage this issue just out of curiosity to know who has opened their PDF documents, but others won't stop there," Li wrote. "An APT [advanced persistent threat] attack usually consists of several sophisticated steps. The first step is often collecting information from the victim; this issue opens the door."
Send news tips and comments to email@example.com. Follow me on Twitter: @jeremy_kirk
- Fight Malware, Malfeasance and Malingering Every year brings more extreme sets of threats than the last. The good news is that there are a range of mitigation options....
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Malware and Vulnerabilities White Papers | Webcasts