Security News

Foxit Plugs Multiple Security Holes in PDF Reader, Editor
2021-07-28 15:39

Foxit Software this week released security updates for its PDF Reader and PDF Editor applications to address multiple vulnerabilities, including some leading to remote code execution. All three flaws are use-after-free vulnerabilities in the JavaScript engine of PDF Reader that an attacker could exploit by tricking the target into opening a malicious PDF file.

Adobe Patches 11 Critical Bugs in Popular Acrobat PDF Reader
2021-07-13 18:55

Eleven critical bugs in Adobe's popular and free PDF reader, Acrobat, open both Windows and macOS users to attacks ranging from an adversary arbitrarily executing commands on a targeted system to data leakage tied to system-read and memory flaws. The free Acrobat Reader 2020 and the PDF-creation and editing software Acrobat 2020 were among the programs with critical bugs patched.

Microsoft faces up to an old foe with out-of-band patch for PDF weirdness
2021-06-30 17:30

USENIX, the not-for-profit advanced computing association, has decided to put an end to its beloved LISA sysadmin conferences, at least as a standalone event. In an online announcement, the LISA steering committee said that after 35 years of producing the "best systems engineering content" the event "will no longer be scheduled as a standalone conference."

Windows 10 KB5004760 emergency update fixes PDF opening issue
2021-06-30 12:12

Microsoft has released an optional out-of-band update for all supported Windows 10 versions to address an issue preventing customers from opening PDF documents using some applications. The KB5004760 emergency update is available for devices running client editions of Windows 10 versions 2004, 20H2, and 21H1, as well as Windows Server versions 2004 and 20H2. "An out-of-band optional update is now available on the Microsoft Update Catalog to address an issue in which Internet Explorer 11 and apps using the WebBrowser control might fail to open PDFs," the company says.

Malicious PDFs Flood the Web, Lead to Password-Snarfing
2021-06-15 17:05

The pushers behind the SolarMarker backdoor malware are flooding the web with PDFs stuffed with keywords and links that redirect to the password-stealing, credential-snarfing malware. The attackers have expanded their range, according to Microsoft Security Intelligence, whose researchers have seen them shift from originally using Google Sites to now primarily using Amazon Web Services and the Strikingly free website builder service.

Adobe Patches Major Security Flaws in PDF Reader, Photoshop
2021-06-08 17:28

Adobe's product security response machine revved into high gear this week with the release of multiple patches for gaping security holes in widely deployed software products. According to the San Jose, Calif. software maker, this month's batch of patches addresses a swathe of potentially dangerous vulnerabilities in Adobe Acrobat and Reader, Adobe Photoshop, and the ever-present Adobe Creative Cloud Desktop Application.

Researchers Demonstrate 2 New Hacks to Modify Certified PDF Documents
2021-05-29 01:34

Cybersecurity researchers have disclosed two new attack techniques on certified PDF documents that could potentially enable an attacker to alter a document's visible content by displaying malicious content over the certified content without invalidating its signature. "The attack idea exploits the flexibility of PDF certification, which allows signing or adding annotations to certified documents under different permission levels," said researchers from Ruhr-University Bochum, who have systematically analyzed the security of the PDF specification over the years.

PDF Feature ‘Certified’ Widely Vulnerable to Attack
2021-05-26 20:14

Certified portable document format files are used to securely sign agreements between two parties while keeping the contents' integrity protected, but a new report found the security protections on most certified PDF applications were inadequate and left organizations exposed to a number of attacks. Researchers from Ruhr University Bochum explained certified PDFs use two specific signatures to authenticate the document, an Approval signature and a Certification signature.

Contract killer: Certified PDFs can be secretly tampered with during the signing process, boffins find
2021-05-26 06:46

A pair of techniques to surreptitiously alter the content of certified PDFs have been detailed by researchers in Germany. Using certified PDFs is increasingly common in business.

Adobe: Windows Users Hit by PDF Reader Zero-Day
2021-05-11 15:53

Adobe on Tuesday warned that a gaping security hole in one of the most widely deployed software products has been exploited in the wild in "limited attacks targeting Adobe Reader users on Windows." Adobe's confirmation of the zero-day attack was buried in a security bulletin that documents at least 11 security vulnerabilities affecting Adobe Acrobat and Reader on both Windows and macOS platforms.