Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet Security.ca and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet Security.ca today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!


Critical security hole found in Acrobat Reader software

Google
Save your company's valuable data with Proxy Sentinel™ from Internet Security. Click here for all the details.

January 5, 2007

Internet security software experts warn that a recently discovered security hole in the widely used Adobe Acrobat Reader software could jeopardize Internet users with greater risks than previously believed.

At first, security professionals thought that the security problem was only restricted and exposed to Web-related data or could support phishing schemes.

Today, consultants at Internet security firms WhiteHat Security and SPI Dynamics revealed that potential hackers could exploit the Acrobat Reader security flaw to access all the information on a victim's hard disk drive.

The key to increased access is where hostile links point to.

When the security issue was first discovered, experts warned of links with malicious JavaScript to PDF files hosted on Web sites. While risky, this actually limits the attacker's access to a PC. It has now been discovered that those limits can be removed by directing a malicious link to a PDF file on a victim's computer.

"This means any JavaScript can access the user's local machine," Billy Hoffman, lead engineer at SPI Dynamics, said in an emailed statement. "Depending on the browser, this means the JavaScript can read the user's files, delete them, execute programs, send the contents to the attacker, etc. This is much worse than an attack in the remote zone."

By contrast, a link to a PDF hosted on a website with malicious JavaScript code would run on the user's machine with limited access, or the "remote zone," Hoffman said.

For example, script code in a link to a PDF on "bank.com" would be able to communicate with bank.com and access its cookies, he said. Such a standard cross-site-scripting attack could allow account hijacks, for example.

The security problem exists because the Web browser plug-in of the Adobe Systems' Acrobat Reader allows JavaScript code appended to links to PDF files to run once the link is clicked, said Jeremiah Grossman, chief technology officer at WhiteHat Security.

For an Internet attack to work, a malicious link has to point to an existing PDF file on the Internet or on the target system. PDFs are abundant on the Web and finding one on a local system also isn't hard.

As a whole, a sample PDF file comes with Acrobat Reader and is installed in a predictable location on PCs, Grossman said.

Adobe`s new security problem was first disclosed at the Chaos Computer Club conference in Germany over the holidays in a paper by Stafano Di Paola and Giorgio Fedon. The extended scope of the issue was publicized late Wednesday by a hacker using the moniker "RSnake."

Adobe is aware of the claims that an attack could have broader implications, but had not verified the issue, a company representative said in a statement e-mailed Thursday.

"Based upon info we have, Flash Player, Reader and modern browsers should restrict such an exploit, but we haven't completed our evaluation of all possible scenarios," the representative said.

To mitigate the threat, people can upgrade to Adobe Reader 8, the latest version of the Adobe software released last month. Adobe is also working on updates to previous versions that will resolve this issue, the company has said.

Source: C-Net News

Google


Save Internet Security.ca's URL to the list of your favorite web sites in your Web browser by clicking here.

Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.


You can link to the Internet Security web site as much as you like. Read our section on how your company can participate in our reciprocal link exchange program and increase your rankings in the major search engines such as
Google and all the others.

Click here to order your Proxy Sentinel™ Internet security server today!

Proxy Sentinel™ is the most secure Internet proxy server on the market today. Click here for more information.
Site optimized by Pagina+™
Powered by Sun Hosting
Search engine keywords by Rank for Sales
Development platform by My Web Services
Internet Security.ca is listed in
Global Business Listing

| Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact |
Copyright © Internet Security.ca    Terms of use    Privacy agreement    Legal disclaimer