Posted on 01/03/2007 9:18:29 PM PST by HAL9000
Excerpt -
SAN FRANCISCO, Jan 04, 2007 (AP Worldstream via COMTEX News Network) --Computer security researchers said they have discovered a vulnerability in Adobe Systems Inc.'s ubiquitous Acrobat Reader software that allows cyber-intruders to attack personal computers through trusted Web links.
Virtually any Web site hosting Portable Document Format, or PDF, files are vulnerable to attack, according to researchers from Symantec Corp. and VeriSign Inc.'s iDefense Intelligence.
The attacks could range from stealing cookies that track a user's Web browsing history to the creation of harmful worms, the researchers said Wednesday.
~ snip ~
(Excerpt) Read more at quote.com ...
DOH!
Netscape 7 ok?
I don't know. It may depend on whether Netscape 7 uses the same Adobe Acrobat plug-in that IE and Firefox use, but there could be other factors like different Javascript engines.
According to another article, a person claiming to be at Adobe says "This issues ONLY effects the Windows platform. Mac, Linux, etc. users are NOT effected."
The security issue exists in Acrobat 7 only. It was fixed in Acrobat 8, so the best solution is to upgrade Adobe Acrobat.
While I think PDF is a great format for transmitting documents (even high-end for-print docs, I've done it), it was not designed with security in mind. Any security is something Adobe later tried to tack onto what is basically an open format.
Bookmarking with a prediction of 25
Researchers warn of flaw in Adobe PDF software
Last Updated: Thursday, January 4, 2007 | 9:11 AM ET
The Associated Press
Computer security researchers said Wednesday they have discovered a vulnerability in Adobe Systems Inc.'s ubiquitous Acrobat Reader software that allows cyber-intruders to attack personal computers through trusted web links.
Virtually any website hosting portable document format, or PDF, files are vulnerable to attack, according to researchers from Symantec Corp. and VeriSign Inc.'s iDefense Intelligence.
The attacks could range from stealing cookies that track a user's Web browsing history, to the creation of harmful worms, the researchers said.
The flaw, first revealed at a hacker conference in Germany over the holidays, exists in a plug-in that enables Acrobat users to view PDF files within web browsers. By manipulating the web links to those documents, hackers and online thieves are able to commandeer the Acrobat software and run malicious code when users attempt to open the files, according to Ken Dunham, director of the rapid response team at VeriSign's iDefense Intelligence.
Dunham gave this hypothetical scenario: an attacker finds a PDF file on a banking website. The attacker creates a hostile website that links to the bank's PDF file. Included is malicious JavaScript code that will run on the unsuspecting user's computer once the link is clicked.
"PDF is trusted and tried and true — everyone uses it," Dunham said. "But instead of just viewing the file, you've initiated script that shouldn't be executed. All you have to do is click on the PDF and the ball starts rolling."
Representatives from Adobe did not return a call from the Associated Press on Wednesday night.
The flaw appears to target Microsoft Corp.'s Internet Explorer 6.0 browser and earlier versions, and Mozilla's Firefox browser, the researchers said. They recommended that users protect themselves by upgrading Internet Explorer or changing Firefox's user options so the browser does not use the Acrobat plug-in.
Researchers said it's unclear how pervasive or harmful any future attacks might be.
"Given that it is easy to exploit, I would expect that we will see this method used considerably in the coming days and weeks, until it is resolved," a Symantec researcher said in a posting on a company web log.
http://www.cbc.ca/technology/story/2007/01/04/tech-pdf.html
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.