Innovation in Information Security

Coverage of important Information Security and Information Technology news and events from the research team at Sûnnet Beskerming.

New PDF Scare, or Known Issue?

One of the problems with the field of Information Security is that information about vulnerabilities and concepts tends to get published so rapidly that it is possible to miss large swathes of reporting and investigative work being carried out.

When pdp and the team at GnuCitizen recently published an alert about a 'new' PDF vulnerability that they had discovered, the alert said little more than that a vulnerability existed. Without information about the mechanism that enabled the vulnerability, or the means by which it functioned, many were left only with speculation about the underlying cause.

Vulnerabilities affecting the PDF format are not new. Some of the most serious involved the way that PDF documents used to permit the embedding of JavaScript and the rendering of HTML without any consideration of the risks that this could pose when such a document was opened.

Even though pdp did not provide any technical details about the vulnerability, some researchers believe that they have a good idea of where to look, based on the style and type of vulnerabilities that pdp has uncovered in the past. Others assumed that pdp had rediscovered vulnerabilities that had already been disclosed and understood, but which he had not had the opportunity to see - relating back to the problem at the start of this article.

According to pdp, Adobe have confirmed that the vulnerability discovered is real and they are looking into it. Until either Adobe release a patch acknowledging pdp's discovery, or pdp releases further information, the rest remains speculation.

22 September 2007
