McAfee spots Adobe Reader PDF-tracking flaw

siljaline · Apr 29, 2013

McAfee said it has found a vulnerability in Adobe Systems' Reader program that reveals when and where a PDF document is opened.

The issue is not a serious problem and does not allow for remote code execution, wrote McAfee's Haifei Li in a blog post. But McAfee does consider it a security problem and has notified Adobe. It affects every version of Adobe Reader, including the latest version, 11.0.2, Li wrote.
Click to expand...

• http://www.cso.com.au/article/460356/mcafee_spots_adobe_reader_pdf-tracking_flaw/

aztony · Apr 29, 2013

Thanks for the heads up. Just last week I removed Adobe Reader from both my PCs because of publicized security vulnerabilities. Replaced with Nitro on one and Foxit on the other.

siljaline · Apr 29, 2013

You're welcome for the heads-up. You can limit Adobe Reader from loading via MSCONFIG. While this is not seen as a security vulnerability, it is understandable that some would be wanting alternate software.

anon · May 3, 2013

Adobe Reader and Acrobat Information Leakage Issue

Adobe Reader and Acrobat Information Leakage Issue
May 2, 2013

Adobe is aware of reports of a low severity information leakage issue described in a recent advisory. A user’s IP address and timestamp could be exposed when opening a specially crafted PDF and then clicking a URL within the document.

This issue will be resolved in the next scheduled releases (May 14) of Adobe Reader and Acrobat.
Click to expand...

Source: Adobe Product Security Incident Response Team (PSIRT) Blog

TheWindBringeth · May 3, 2013

Re: Adobe Reader and Acrobat Information Leakage Issue

Smells like http://blogs.mcafee.com/mcafee-labs/tracking-pdf-usage-poses-a-security-problem

Recently, we detected some unusual PDF samples. After some investigation, we successfully identified that the samples are exploiting an unpatched security issue in every version of Adobe Reader including the latest “sandboxed” Reader XI (11.0.2). Although the issue is not a serious problem (such as allowing code execution), it does let people track the usage of a PDF. Specifically, it allows the sender to see when and where the PDF is opened.
...
Until Adobe creates a patch, Reader users should consider disabling JavaScript in Reader.
Click to expand...

anon · May 3, 2013

Re: Adobe Reader and Acrobat Information Leakage Issue

TheWindBringeth said:

Smells like http://blogs.mcafee.com/mcafee-labs/tracking-pdf-usage-poses-a-security-problem
Click to expand...

How does this affect users?

Is this a serious problem? No, we don’t want to overvalue the issue. However, we do consider this issue a security vulnerability. Considering this, we have reported the issue to Adobe and we are waiting for their confirmation and a future patch. We are also hiding the key details of the vulnerability to protect Reader users. We may update this post at some point after we see a patch from Adobe.
Click to expand...

The issue is not a serious problem and does not allow for remote code execution, wrote McAfee's Haifei Li in a blog post. But McAfee does consider it a security problem and has notified Adobe.

http://www.computerworld.com/s/article/9238752/McAfee_spots_Adobe_Reader_PDF_tracking_flaw?taxonomyId=17
Click to expand...

Log in or Sign up

McAfee spots Adobe Reader PDF-tracking flaw

siljaline Registered Member

aztony Registered Member

siljaline Registered Member

anon Registered Member

TheWindBringeth Registered Member

anon Registered Member

Log in or Sign up

McAfee spots Adobe Reader PDF-tracking flaw

siljaline Registered Member

aztony Registered Member

siljaline Registered Member

anon Registered Member

TheWindBringeth Registered Member

anon Registered Member

Useful Searches