UK security researcher ‘Petko Petkov’ detailed on his blog late last week that he has discovered a serious vulnerability in Adobe’s PDF file system.
According to a story from Robert McMillan, of the IDG News Service, Petkov detailed on his blog that Adobe Acrobat/Reader PDF documents can be used to compromise your Windows box. Petkov noted this on his blog by posting, ‘All it takes is to open a PDF document or stumble across a page which embeds one.’
Petkov said he will not release code that reveals how this attack works until Adobe provides a patch for the problem and he confirmed, according to IDG, that the vulnerability exists on Adobe Reader 8.1 on Windows XP and he suspects other versions may be affected as well. And no outside sources have confirmed his discovery.
Adobe’s SVP of the Creative Solutions Business Unit — John Loiacono, who helms ‘JohnnyL’s Blogic’ blog — made no comment in regard to the flaw this week; rather, he touted Adobe’s MAX conference and said, ‘You shouldn’t miss ‘What is the New Publishing Workflow Anyway’, being led by Will Eisley. He’ll be talking about how Adobe technologies enable you to create, manage and publish content across multiple channels.’
Hmm. One hopes that the first question Adobe will address for the attendees is how long they’ve known about this flaw and what the heck they’re going to do about it.
Petkov warned users to avoid opening any and all PDF files both locally and remotely, as quoted in the blog but that’s certainly not a viable method even short-term for remedying this vulnerability if it does indeed exist. Stay tuned as always.