Security

PDF Security: obfuscated code, hackers and other threats

Hackers are finding increasingly inventive ways of exploiting holes in Acrobat.
The same rich content that makes PDF so useful to businesses can also make it a security risk. Embedding links, images, tables and media uses JavaScript and that allows PDF files to be exploited as an attack vector for hackers.

Although security software can scan for malicious code placed directly in the document, there are increasingly complex ways of obfuscating the code to hide the payload from scanners.

 
 


The usual defences of keeping browsers, security software and the Adobe Reader software itself up to date offer some protection. Adobe has released an update to address the specific vulnerability that was discovered and you should make sure all users have this.

You could disable the Adobe Reader browser plug-in but this will be so inconvenient for users that it’s not worth doing unless another vulnerability is discovered and you’re waiting for a security update. In Internet Explorer this can be done through the Tools > Manage Add-ons option and in Firefox this can be found under the Applications tab accessed via Tools > Options.

A better solution is JavaScript filtering in the firewall or on a security appliance, although you’ll need to set this up carefully to avoid problems on JavaScript-heavy Web sites, and you may need a procedure for unblocking PDFs with embedded content that users need to work with.

In the end, common sense and education are the best weapons. PDFs have to be specially created to exploit this vulnerability. Make users aware that there is a slight risk with PDF files and that they should treat emailed PDF documents they didn’t request with the same caution they use for other potential threats in email and attachments.

Adobe Security Update:

www.adobe.com/support/security/advisories/apsa08-01.html

Adobe Reader Remote Heap Memory Corruption:
www.piotrbania.com/all/adv/adobe-acrobat-adv.txt


 
Banner

Show other articles by this author

Share |
Write comment
security image
smaller | bigger

busy

Download


Subscribe and get the magazine in the post before it's online

Subscribe and get access to all of the back issues

To read a sample eMagazine - March 2010

 
FREE SUBSCRIPTION!
Banner

IT EXPERT TOP TIP

Microsoft is prone to push features as 'in Windows Server' when they're restricted to a specific edition; find out exactly what's in which edition and what's new as opposed to just updated in this short and clear list. http://www.microsoft.com/windowsserver2008/en/us/compare-features.aspx read more

TAKE THE POLL

Unified communications

Banner

The #1 Bestseller for Only 77p

RECENT COMMENTS