Emerging Tech

Critical zero-day PDF bug found

Security researcher Petko D. Petkov has discovered a new zero-day PDF vulnerability that can lead to the complete compromise of a Windows machine. <br /><br /> The flaw can be triggered by simply opening an infected PDF document with Adobe's Acrobat Reader. Of note is that other viewers besides Adobe's Acrobat Reader might be vulnerable as well.

Security researcher Petko D. Petkov has discovered a new zero-day PDF vulnerability that can lead to the complete compromise of a Windows machine.

The flaw can be triggered by simply opening an infected PDF document with Adobe's Acrobat Reader. Of note is that other viewers besides Adobe's Acrobat Reader might be vulnerable as well.

Excerpt from eWeek:

Given that this latest meta media file flaw with PDF documents is so critical, given also that PDFs are used throughout the business world, and given the fact that he expects Adobe will take a while to fix its closed-source product, Petkov said he's refraining from publishing any POC (proof-of-concept) code.

"You have to take my word for it. The POCs will be released when an update is available," he said.

Some folks are understandably miffed by the lack of POC code. However, Petkov's credibility is shored up by five PDF-related "low threat" POCs that he put out earlier in January.

Adobe has since issued a statement saying that it's aware of Petkov's post and is in communication with him as it researches for a fix.

Adobe will post any updates on its Security Bulletins and Advisories page.

Are there preventive measure in the meantime? Petkov recommends staying away from all PDF files. Now, just how practical is it for you to have zero contact with PDF files?

About

Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.

3 comments
paulmah
paulmah

Now, just how practical would it be for you to have zero contact with PDF files?

ewingdweller
ewingdweller

As most manufacturers are now 'printing' their user guides and/or manuals as PDFs, it is impossible to avoid them. Hopefully, Adobe will resolve this issue and quickly plug the hole. Thanks.

Genera-nation
Genera-nation

We create, send & accept these all day.... If I was to ban .pdf files the upper management would start throwing fits. This would be despite knowing abut the potential danger!!

Editor's Picks