Security

PDF Security: obfuscated code, hackers and other threats

Hackers are finding increasingly inventive ways of exploiting holes in Acrobat.
The same rich content that makes PDF so useful to businesses can also make it a security risk. Embedding links, images, tables and media uses JavaScript, and that allows hackers to exploit PDF files as an attack vector.

Although security software can scan for malicious code placed directly in the document, there are increasingly complex ways of obfuscating the code to hide the payload from scanners.

 
 


The usual defences of keeping browsers, security software and the Adobe Reader software itself up to date offer some protection. Adobe has released an update to address the specific vulnerability that was discovered, and you should make sure all users have it installed.

You could disable the Adobe Reader browser plug-in, but this will be so inconvenient for users that it’s not worth doing unless another vulnerability is discovered and you’re waiting for a security update. In Internet Explorer this can be done through the Tools > Manage Add-ons option, and in Firefox it can be found under the Applications tab, accessed via Tools > Options.

A better solution is JavaScript filtering in the firewall or on a security appliance, although you’ll need to set this up carefully to avoid problems on JavaScript-heavy Web sites, and you may need a procedure for unblocking PDFs with embedded content that users need to work with.
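
A gateway-side check of the kind described above could start with a triage pass like the one below. It is an added example, not code from this article or from Adobe, and it goes slightly beyond the text by handling two simple hiding techniques: hex-escaped PDF names and Flate-compressed streams. The list of name keys, the triage function and the quarantine/deliver verdicts are assumptions made for illustration.

```python
import re
import zlib

# Name keys that mark active content (a subset chosen for this example).
SUSPICIOUS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch")
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
_NAME = re.compile(rb"/[^\s/<>\[\]()%{}]+")
_STREAM = re.compile(rb"stream\r?\n(.*?)endstream", re.S)

def normalize_name(name: bytes) -> bytes:
    """Decode #xx escapes so /J#61vaScript compares equal to /JavaScript."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), name)

def inflate_streams(data: bytes) -> bytes:
    """Best-effort Flate decode, so names inside compressed streams are seen."""
    out = []
    for m in _STREAM.finditer(data):
        try:
            out.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass  # not Flate-encoded; left unscanned in this sketch
    return b"\n".join(out)

def triage(data: bytes) -> dict:
    """Count active-content names in the raw bytes and in inflated streams."""
    counts = {k.decode(): 0 for k in SUSPICIOUS}
    escaped = 0
    for blob in (data, inflate_streams(data)):
        for raw in _NAME.findall(blob):
            name = normalize_name(raw)
            if name in SUSPICIOUS:
                counts[name.decode()] += 1
                escaped += name != raw  # a hex-escaped keyword is itself a warning sign
    verdict = "quarantine" if any(counts.values()) else "deliver"
    return {"counts": counts, "escaped_names": escaped, "verdict": verdict}

# Constructed samples, not real documents.
CLEAN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
ESCAPED = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
           b"3 0 obj\n<< /S /J#61vaScript /JS (var a = 1;) >>\nendobj\n")
PACKED = (b"%PDF-1.5\n5 0 obj\n<< /Filter /FlateDecode >>\nstream\n"
          + zlib.compress(b"<< /S /JavaScript /JS (var a = 1;) >>")
          + b"\nendstream\nendobj\n")

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("escaped", ESCAPED), ("packed", PACKED)):
        print(label, triage(sample))
```

Files that come back as quarantine are the ones that would go through the unblocking procedure mentioned above; a plain keyword match that skips the normalising step would miss the escaped sample.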

In the end, common sense and education are the best weapons. PDFs have to be specially created to exploit this vulnerability. Make users aware that there is a slight risk with PDF files and that they should treat emailed PDF documents they didn’t request with the same caution they use for other potential threats in email and attachments.

Adobe Security Update:
www.adobe.com/support/security/advisories/apsa08-01.html

Adobe Reader Remote Heap Memory Corruption:
www.piotrbania.com/all/adv/adobe-acrobat-adv.txt

