banner



Home  ›  McAfee spots Adobe Reader PDF-tracking vulnerability - eppsreck1993

McAfee spots Adobe Reader PDF-tracking vulnerability - eppsreck1993

Written By Tuesday, January 4, 2022 Add Comment Edit

McAfee said it has saved a vulnerability in Adobe Systems' Reader program that reveals when and where a PDF document is opened.

The issue is non a serious problem and does not allow for remote code murder, wrote McAfee's Haifei Li in a web log spot. Only McAfee does consider it a security problem and has notified Adobe brick. It affects every version of Adobe Reader, including the current rendering, 11.0.2, Li wrote.

McAfee recently sensed both "unusual" PDF samples, Li wrote. McAfee withheld some key details of the exposure, merely did generally describe it.

The issue occurs when someone launches a link to some other file path, which calls on a JavaScript API (practical application scheduling interface). Reader warns a substance abuser when they are going to turn a resourcefulness from other place, such atomic number 3 a connexion on the Internet.

If the outer resource does not exist, the warning dialog does not appear, just the API returns some TCP traffic, Li wrote. By manipulating a second parameter with a special measure, the API's behavior changes to reveal information. That could include information such as the location of a document on a organization "by vocation the JavaScript 'this.path' value," Li wrote.

"Malicious senders could exploit this vulnerability to collect sensitive entropy so much as Information processing address, Internet service provider or even the victim's computation routine," Li wrote. "To boot, our analysis suggests that more information could be collected by vocation various PDF JavaScript Genus Apis."

Li suggests the problem could be used for reconnaissance by attackers.

"Some people power leverage this issuance just out of rarity to know World Health Organization has opened their PDF documents, but others won't stop there," Li wrote. "An APT [advanced persistent threat] round usually consists of respective sophisticated stairs. The maiden step out is often collecting entropy from the victim; this military issue opens the door."

McAfee suggests that Adobe Subscriber users invalid JavaScript until a patch is released. Adobe officials could not constitute like a sho reached for comment.

Source: https://www.pcworld.com/article/451560/mcafee-spots-adobe-reader-pdftracking-flaw.html

Posted by: eppsreck1993.blogspot.com

0 Response to "McAfee spots Adobe Reader PDF-tracking vulnerability - eppsreck1993"

Post a Comment

Subscribe to: Post Comments (Atom)

Iklan Atas Artikel

Iklan Tengah Artikel 1

Iklan Tengah Artikel 2

Iklan Bawah Artikel