PDF vulnerabilities hit all time high
Attackers are increasingly using maliciously-created documents to take advantage of flawed reading software.
The number of exploits targeting flaws in PDF-reading software are now at an all time high.
The IBM's mid-year X-Force security report said that the amount of "veiled" exploits disclosed in the first half of 2009 were more than in the whole of 2008.
Senior technology specialist at IBM X-Force James Randell told IT PRO that there had been an "unusually" large number of attacks against systems that used documents that were deliberately "malformed". These took advantage of flaws in the PDF-reading software.
"It's a particularly interesting form of attack. It's where you have a document that basically has got embedded within it executable machine-language code," he said.
"What an attacker can do is if they construct the document in the right way, is make the reader trip over itself' internally and end up executing malicious code the attacker has embedded."
The code would then run with whatever security privilege the person using the reader had.
"If they were an administrator reading a technical manual and they opened it up, then the malicious code will run with a high level of privilege and potentially do a lot of damage," Randell said.
This form of attack used social engineering techniques, such as embedding the malicious document in a fake email and sending it to a target.
Successful digital transformations are future ready - now
Research findings identify key ingredients to complete your transformation journeyDownload now
Cyber security for accountants
3 ways to protect yourself and your clients onlineDownload now
The future of database administrators in the era of the autonomous database
Autonomous databases are here. So who needs database administrators anymore?Download now
The IT expert’s guide to AI and content management
Your guide to the biggest opportunities for IT teams when it comes to AI and content managementDownload now