Adobe Reader Exploit
May 2009
F-Secure says stop using Adobe Acrobat Reader. With all the Internet attacks that exploit Adobe Acrobat Reader people should switch to using an alternative PDF reader, a security expert said at the RSA security conference on April 22. Of the targeted attacks so far this year, more than 47 percent of them exploit holes in Acrobat Reader while six vulnerabilities have been discovered that target the program, the chief research officer of security firm F-Secure, said in a briefing with journalists. Just last month, Adobe issued a fix for an Acrobat Reader hole that attackers had been exploiting for months, after issuing a patch for a critical vulnerability in Flash player the month before. In 2008, the favored targeted attack vector was Microsoft Word, which had 15 known vulnerabilities, compared to Acrobat Reader’s 19, and which represented 34.5 percent of the attacks, compared to 28.6 percent for Acrobat Reader, he said. Top-level executives, defense contractors, and other people who have access to specific sensitive corporate or government information are subject to targeted attacks where an attacker sends a file that has malicious code embedded in it. Once the file is opened, the computer is infected typically with a back door that then steals data. PDF and Flash browser plug-ins are also used in attacks known as “drive-by downloads” in which malware is surreptitiously downloaded onto a computer while the user is surfing the Web. The number of PDF files used in attacks rose from 128 between January 1 and April 16 last year to more than 2,300 in that same time period during this year, the chief research officer said.
F-Secure says stop using Adobe Acrobat Reader. With all the Internet attacks that exploit Adobe Acrobat Reader people should switch to using an alternative PDF reader, a security expert said at the RSA security conference on April 22. Of the targeted attacks so far this year, more than 47 percent of them exploit holes in Acrobat Reader while six vulnerabilities have been discovered that target the program, the chief research officer of security firm F-Secure, said in a briefing with journalists. Just last month, Adobe issued a fix for an Acrobat Reader hole that attackers had been exploiting for months, after issuing a patch for a critical vulnerability in Flash player the month before. In 2008, the favored targeted attack vector was Microsoft Word, which had 15 known vulnerabilities, compared to Acrobat Reader’s 19, and which represented 34.5 percent of the attacks, compared to 28.6 percent for Acrobat Reader, he said. Top-level executives, defense contractors, and other people who have access to specific sensitive corporate or government information are subject to targeted attacks where an attacker sends a file that has malicious code embedded in it. Once the file is opened, the computer is infected typically with a back door that then steals data. PDF and Flash browser plug-ins are also used in attacks known as “drive-by downloads” in which malware is surreptitiously downloaded onto a computer while the user is surfing the Web. The number of PDF files used in attacks rose from 128 between January 1 and April 16 last year to more than 2,300 in that same time period during this year, the chief research officer said.
posted by arkietechs at 11:48 AM
0 Comments:
Post a Comment
<< Home