PDF vulnerabilities hit all time high
Attackers are increasingly using maliciously-created documents to take advantage of flawed reading software.
The number of exploits targeting flaws in PDF-reading software are now at an all time high.
The IBM's mid-year X-Force security report said that the amount of "veiled" exploits disclosed in the first half of 2009 were more than in the whole of 2008.
Senior technology specialist at IBM X-Force James Randell told IT PRO that there had been an "unusually" large number of attacks against systems that used documents that were deliberately "malformed". These took advantage of flaws in the PDF-reading software.
"It's a particularly interesting form of attack. It's where you have a document that basically has got embedded within it executable machine-language code," he said.
"What an attacker can do is if they construct the document in the right way, is make the reader trip over itself' internally and end up executing malicious code the attacker has embedded."
The code would then run with whatever security privilege the person using the reader had.
"If they were an administrator reading a technical manual and they opened it up, then the malicious code will run with a high level of privilege and potentially do a lot of damage," Randell said.
This form of attack used social engineering techniques, such as embedding the malicious document in a fake email and sending it to a target.
Key considerations for implementing secure telework at scale
Identifying the security risks and advanced requirements of a remote workforceDownload now
The State of Salesforce 2020
Your guide to getting the most from SalesforceDownload now
Fast, flexible and compliant e-signatures for global businesses
Be at the forefront of digital transformation with electronic signaturesDownload now
Rethink your cybersecurity strategy for the new world
5 steps to secure the enterprise and be fit for a flexible futureDownload now