Adobe confirms 'leaky PDF' flaw, fix due on 14 May

Adobe confirms 'leaky PDF' flaw, fix due on 14 May

Summary: Disable JavaScript in Adobe Reader if you're concerned with leaking your ISP, IP address and computing routine.

TOPICS: Security

Adobe says it will fix a minor "leakage issue" affecting Adobe Reader and Acrobat which is being exploited by email marketers, but could also be used by an attacker to scope out a target before launching a more serious assault.

Researchers at Intel's security firm McAfee last week reported the discovery of a security and privacy issue affecting all versions of Reader after detecting a few suspicious PDF samples.

They found a problem in the way Reader handles certain calls to the JavaScript API which could allow an attacker to send an attack PDF and track who has opened the file.

McAfee said, although the security flaw was not deemed to be serious, it could be used as a reconnaissance tool in a targeted attack. For example, PDFs emailed to victims by an attacker could provide them with the target's IP address, ISP, or computing routine, according to the firm.

The target would need to open a specially-crafted PDF and click on a link within the document to be exposed, Adobe said.

"A user's IP address and timestamp could be exposed when opening a specially crafted PDF and then clicking a URL within that document," Adobe's product security incident response team said on Friday.

Since it's a "low severity" information leaked issue, it will be resolved during Adobe's scheduled update for Acrobat and Reader due on 14 May.

The PDF samples found by McAfee's researchers were being used by an email tracking service provider. McAfee advised users to disable JavaScript in Reader until Adobe made a patch available. 

Although the flaw is technically being used in the wild, it's less severe than the Reader flaws that attackers were exploiting ahead of an emergency patch in February, which could allow them to take over a target's Mac or Windows machine.

Topic: Security

Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full time freelance technology journalist who writes for several publications.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


1 comment
Log in or register to join the discussion
  • "Leaky PDF"

    Why don't you tell us whether the other PDF readers such as Okular or XPDF are affected?