Advertising

The Seattle Times Company

NWjobs | NWautos | NWhomes | NWsource | Free Classifieds | seattletimes.com

The Seattle Times

Business / Technology


Our network sites seattletimes.com | Advanced
Quick links: Traffic | Movies | Restaurants | Today's events | Video | Photos | Blogs | Forums | Newspaper delivery
Contact us

Originally published January 4, 2007 at 12:00 AM | Page modified January 4, 2007 at 1:01 PM

E-mail article     Print view

Adobe Reader flaw seen as major PC security problem

Computer security researchers said Wednesday they have discovered a vulnerability in Adobe Systems Inc.'s ubiquitous Acrobat Reader software that allows cyber-intruders to attack personal computers through trusted Web links.

By Jordan Robertson

The Associated Press

SAN FRANCISCO (AP) — Computer security researchers said Wednesday they have discovered a vulnerability in Adobe Systems Inc.'s ubiquitous Acrobat Reader software that allows cyber-intruders to attack personal computers through trusted Web links.

Virtually any Web site hosting Portable Document Format, or PDF, files are vulnerable to attack, according to researchers from Symantec Corp. and VeriSign Inc.'s iDefense Intelligence.

The attacks could range from stealing cookies that track a user's Web browsing history to the creation of harmful worms, the researchers said.

The flaw, first revealed at a hacker conference in Germany over the holidays, exists in a plug-in that enables Acrobat users to view PDF files within Web browsers.

By manipulating the Web links to those documents, hackers and online thieves are able to commandeer the Acrobat software and run malicious code when users attempt to open the files, according to Ken Dunham, director of the rapid response team at VeriSign's iDefense Intelligence.

Dunham gave this hypothetical scenario: an attacker finds a PDF file on a banking Web site. The attacker creates a hostile Web site that links to the bank's PDF file. Included is malicious JavaScript code that will run on the unsuspecting user's computer once the link is clicked.

"PDF is trusted and tried and true — everyone uses it," Dunham said. "But instead of just viewing the file, you've initiated script that shouldn't be executed. All you have to do is click on the PDF and the ball starts rolling."

Representatives from Adobe did not return a call from The Associated Press on Wednesday night.

The flaw appears to target Microsoft Corp.'s Internet Explorer 6.0 Web browser and earlier versions, and Mozilla's Firefox browser, the researchers said.

They recommended that users protect themselves by upgrading Internet Explorer or changing Firefox's user options so the browser does not use the Acrobat plug-in.

Researchers said it's unclear how pervasive or harmful any future attacks might be.

"Given that it is easy to exploit, I would expect that we will see this method used considerably in the coming days and weeks, until it is resolved," a Symantec researcher said in a posting on a company Web log.

Copyright © 2007 The Seattle Times Company

More Business & Technology headlines...

E-mail article Print view      Share:    Digg     Newsvine

advertising

More Business & Technology

Nintendo re-enlists Mario, savior of video-game industry

Verizon-Frontier deal stirs concern among consumers

Brier Dudley: 'Guitar Hero' founder excited about future

Gaps for consumers in Democrat health care bills

Hutch gets $10M from Bezos family for immunotherapy research

Advertising

Video

Real Salt Lake wins MLS Cup
Real Salt Lake defeated the Los Angeles Galaxy with penalty kicks after 120 minutes of play at Qwest Field in Seattle.

Raw Video | Real Salt Lake receives the MLS Cup trophy
Raw Video | Real Salt Lake fans celebrate
Real Salt Lake fans enter Qwest Field
Raw Video | MLS Cup Opening Ceremony
LA Galaxy's David Beckham
Real Salt Lake's Kyle Beckerman
MLS trophy arrives in Seattle
Chittenden Locks Inspection
Full interview with New Moon actors

More videos

Marketplace

nwautos

2009's most fuel-efficient sedansnew
Choosing a new sedan? Weigh the impact of your choice on your wallet and on the planet.
Post a comment

Most Popular Cars

Chrysler Sebring
Toyota Camry
Chevrolet Corvette

nwhomes

Find a Home

For sale
New Homes
Foreclosures
Search properties for sale
Rent a home or apartment
Post your property or rental

Open Houses

Find this weekend's open house listings.
Or search by location:

 
Most read
Most commented
Most e-mailed
 
 
  1. 'The Road' takes Viggo Mortensen to Mount St. Helens and Astoria, Ore.
  2. Tugboat sinks at Seattle waterfront pier
  3. Child-support error costs nearly $21,000
  4. Craigslist adoption ad: A plea by young mother-to-be? A scam?
  5. Chase shrugs off loss of CD investors
  6. Vikings easily beat the Seahawks
  7. Denny Triangle gains skyline, but tenants slow to come
  8. Snow piles up on Cascade slopes
  9. Woman stabbed by stranger in North Seattle
  10. Illegal workers quietly let go
  1. Senate vote clears hurdle Comments239
  2. Vikings easily beat the Seahawks Comments137
  3. Child-support error costs nearly $21,000 Comments129
  4. Palin excitement builds in Tri-Cities Comments124
  5. Tight Senate vote launches health care over hurdle Comments123
  6. Cutting through breast-cancer confusion Comments91
  7. Historic health care bill clears Senate hurdle Comments90
  8. Game thread Comments70
  9. New York terror trials will restore faith in rule of law Comments66
  10. Chase shrugs off loss of CD investors Comments54
  1. 'The Road' takes Viggo Mortensen to Mount St. Helens and Astoria, Ore.
  2. Child-support error costs nearly $21,000
  3. It's possible to recover a life lost to hoarding
  4. Washington state wines make annual best-of list
  5. Sprouts, raw fish on attorney's 'do not eat' list
  6. Banff: powder, peaks & purity
  7. Chase shrugs off loss of CD investors
  8. Rediscovering Moab, 'the most beautiful place on Earth'
  9. Denny Triangle gains skyline, but tenants slow to come
  10. Protect yourself from baggage loss
Advertising