PDF vulnerabilities hit all time high

Attackers are increasingly using maliciously-created documents to take advantage of flawed reading software.

The number of exploits targeting flaws in PDF-reading software are now at an all time high.

The IBM's mid-year X-Force security report said that the amount of "veiled" exploits disclosed in the first half of 2009 were more than in the whole of 2008.

Adobe software has seen numerous patches and updates to fix flaws, while malware increasingly targets PDF software.

Advertisement - Article continues below

Senior technology specialist at IBM X-Force James Randell told IT PRO that there had been an "unusually" large number of attacks against systems that used documents that were deliberately "malformed". These took advantage of flaws in the PDF-reading software.

"It's a particularly interesting form of attack. It's where you have a document that basically has got embedded within it executable machine-language code," he said.

"What an attacker can do is if they construct the document in the right way, is make the reader trip over itself' internally and end up executing malicious code the attacker has embedded."

The code would then run with whatever security privilege the person using the reader had.

"If they were an administrator reading a technical manual and they opened it up, then the malicious code will run with a high level of privilege and potentially do a lot of damage," Randell said.

Advertisement
Advertisement - Article continues below

This form of attack used social engineering techniques, such as embedding the malicious document in a fake email and sending it to a target.

Featured Resources

Key considerations for implementing secure telework at scale

Identifying the security risks and advanced requirements of a remote workforce

Download now

The State of Salesforce 2020

Your guide to getting the most from Salesforce

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Rethink your cybersecurity strategy for the new world

5 steps to secure the enterprise and be fit for a flexible future

Download now
Advertisement

Recommended

Andrew Daniels joins Druva as CIO and CISO
Cloud

Andrew Daniels joins Druva as CIO and CISO

22 Jul 2020
IBM Cloud launches centralised security and compliance hub
cloud computing

IBM Cloud launches centralised security and compliance hub

22 Jul 2020
IBM teams with Adobe and Red Hat to drive personalized customer experiences
Cloud

IBM teams with Adobe and Red Hat to drive personalized customer experiences

20 Jul 2020
IBM unveils AI-powered inventory control system
artificial intelligence (AI)

IBM unveils AI-powered inventory control system

2 Jul 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
UN report points to a 350% rise in phishing websites at start of 2020
phishing

UN report points to a 350% rise in phishing websites at start of 2020

7 Aug 2020