Adobe PDF Vulnerability Bigger Than First Thought

A security risk in the Adobe Acrobat reader, first thought to have only exposed web-related data by malicious sites links to PDF files online, can now be exploited locally. This would give the attacker the full range of options, read files, delete files, execute programs, send the contents to the attacker, so they could do lots of harm to unsuspecting users.

Initially, security professionals thought that the problem was restricted and exposed only Web-related data or could support phishing scams. Now it has been discovered that miscreants could exploit the problem to access all information on a victim’s hard disk drive, said Web security specialists at WhiteHat Security and SPI Dynamics.

“This means any JavaScript can access the user’s local machine,” Billy Hoffman, lead engineer at SPI Dynamics, said in an e-mailed statement. “Depending on the browser, this means the JavaScript can read the user’s files, delete them, execute programs, send the contents to the attacker, et cetera. This is much worse than an attack in the remote zone.” Source:

Adobe says that Flash Player and Reader, and modern browsers should block this, but have not verified this for sure, as of yet. Adobe says the best option, until they release updates to fix the older versions, is for users to upgrade to version 8 of adobe Reader, by clicking here.