Saturday, 20 November 2010

Adobe PDF Reader X: The world's most dangerous desktop application gets a fix

Let's face it: the security record of Adobe has not been good over the past few years, with an increasing number of exploits for Adobe products available in the wild.


These have frequently made network security professionals' jobs difficult, with several 0-day PDF vulnerabilities meaning that attackers could easily penetrate network defenses using a client-side attack, for example by sending a malicious PDF document in an email or via a URL.

The difficulty of blocking these threats

These attacks have been very difficult to do anything about, especially as the malicious documents could be specially crafted as part of a sophisticated spear-phishing attack, with uniquely created or encoded payloads. This is a lot easier than it sounds, if you have the knowledge, and there is no way that a signature-based anti-virus tool would have been able to stop such targeted attacks.

Also, as usage of PDF documents is ubiquitous in the commercial world, there was no way that system administrators could justify blocking all PDFs at the boundary.

A solution

Thankfully, Adobe X Reader is here, which uses sandbox technology to isolate threats in PDF documents. It may take a while before most enterprises deploy this software to all of their computer systems. Meanwhile, the door is still open for attackers. (I am sure there are more vulnerabilities still to be discovered in older versions of Adobe Reader.)

So, if you are a security manager or sysadmin, and are keen to secure your network from this type of attack, I suggest you put a plan together to roll this out to all of your desktops and laptops, as soon as you can.
