PDF vulnerabilities hit all time high

Attackers are increasingly using maliciously-created documents to take advantage of flawed reading software.

The number of exploits targeting flaws in PDF-reading software are now at an all time high.

The IBM's mid-year X-Force security report said that the amount of "veiled" exploits disclosed in the first half of 2009 were more than in the whole of 2008.

Adobe software has seen numerous patches and updates to fix flaws, while malware increasingly targets PDF software.

Advertisement - Article continues below

Senior technology specialist at IBM X-Force James Randell told IT PRO that there had been an "unusually" large number of attacks against systems that used documents that were deliberately "malformed". These took advantage of flaws in the PDF-reading software.

"It's a particularly interesting form of attack. It's where you have a document that basically has got embedded within it executable machine-language code," he said.

"What an attacker can do is if they construct the document in the right way, is make the reader trip over itself' internally and end up executing malicious code the attacker has embedded."

The code would then run with whatever security privilege the person using the reader had.

"If they were an administrator reading a technical manual and they opened it up, then the malicious code will run with a high level of privilege and potentially do a lot of damage," Randell said.

Advertisement
Advertisement - Article continues below

This form of attack used social engineering techniques, such as embedding the malicious document in a fake email and sending it to a target.

Featured Resources

Successful digital transformations are future ready - now

Research findings identify key ingredients to complete your transformation journey

Download now

Cyber security for accountants

3 ways to protect yourself and your clients online

Download now

The future of database administrators in the era of the autonomous database

Autonomous databases are here. So who needs database administrators anymore?

Download now

The IT expert’s guide to AI and content management

Your guide to the biggest opportunities for IT teams when it comes to AI and content management

Download now
Advertisement

Recommended

Visit/cloud/cloud-storage/355295/defeat-your-data-deluge-with-cloud-object-storage
Advertisement Feature

Defeat your data deluge with cloud object storage

10 Apr 2020
Visit/security/vulnerability/355276/businesses-brace-for-second-fujiwhara-effect-of-2020-as-patch-tuesday
vulnerability

Businesses brace for second 'Fujiwhara effect' of 2020 as Patch Tuesday looms

9 Apr 2020
Visit/security/cyber-security/355267/zoom-hires-ex-facebook-cso-to-boost-platform-security
cyber security

Zoom hires ex-Facebook CSO Alex Stamos to boost platform security

8 Apr 2020
Visit/security/vulnerability/355236/hp-support-assistant-flaws-leave-windows-devices-open-to-attack
vulnerability

HP Support Assistant flaws leave Windows devices open to attack

6 Apr 2020

Most Popular

Visit/software/video-conferencing/355257/taiwan-first-country-to-ban-zoom-amid-security-concerns
video conferencing

Taiwan becomes first country to ban Zoom amid security concerns

8 Apr 2020
Visit/mobile/mobile-phones/355239/microsofts-patent-design-reveals-a-mobile-device-with-a-third-screen
Mobile Phones

Microsoft patents a mobile device with a third screen

6 Apr 2020
Visit/security/cyber-security/355271/microsoft-gobbles-up-corpcom-domain-to-keep-it-from-hackers
cyber security

Microsoft gobbles up corp.com domain to keep it from hackers

8 Apr 2020