Monday, January 8, 2007

Security Bug found in PDF Reader (Adobe Reader)


Web users are being urged to upgrade their Adobe reader software as a security flaw is found in older versions of the program.

Millions of people use the reader software to view documents prepared in the popular PDF format.

Security researchers said malicious hackers exploiting the flaw could view victim's hard drives or use it to make phishing scams look more plausible.


So far there is no evidence that the bug is being exploited in the wild.

The flaw is found in the web browser plug-in of the Adobe Reader software. Ordinarily this allows PDF documents to be viewed in a browser window.

But by exploiting the flaw hi-tech criminals could use links to PDF files stored on any website to attack vulnerable Windows PCs.

Information about the flaw in the Adobe reader software was first revealed at the annual conference of the Chaos Computer Club - a venerable German hacker group.

Since then security researchers have investigated and found that it could also be used to view files on the hard drive of a vulnerable PC.

Writing about the flaw Symantec security researcher Hon Lau said: "The ease [with] which this weakness can be exploited is breathtaking."

So far no cyber criminals are thought to be actively exploiting the Adobe Reader flaw but code to do so has been produced.

Initially it was thought that only users of the Firefox web browser were at risk but now it is known that Internet Explorer users are vulnerable too.

Upgrading to version 8 of the Adobe Reader software removes the risk of falling victim to the flaw.

Source

No comments:

Your Ad Here