Many Oz agencies still vulnerable to PDF exploits: DSD

Summary:DSD is now urging agencies to get behind Adobe Reader's sandbox technology.

The Defence Signals Directorate is now advising Australian government agencies and departments to ditch older versions of Adobe Reader and update to either version X or XI, due to it finding that many agencies are still running outdated software.

In a broadcast from DSD's Cyber Security Operations Centre (CSOC), the department advised that 80 percent of the incidents being reported to CSOC were socially engineered emails. Of those, almost a third of the attachments used were malicious PDF files.

"DSD continues to observe agencies using unpatched or older versions of applications."

"Malware kits, including PDF‐based exploits, are readily available, and many agencies continue to use unpatched or older versions of PDF readers, placing themselves at greater risk of compromise."

The advice applies to those agencies currently using Adobe Reader as their PDF viewer. The broadcast did not make a recommendation for or against the use of other PDF viewers.

DSD praised Adobe Reader's sandboxing technology, stating that it is "making the successful exploit of vulnerabilities far more difficult for malicious cyber actors."

Recently, however, Russian cybercrime investigation firm Group-IB blew the whistle on an alleged zero-day vulnerability that could bypass Adobe's sandbox and was being sold on underground forums for up to US$50,000.

Adobe has yet to confirm whether the claim is true, but is in talks with Group-IB to investigate further.

Topics: Security, Australia, Government, Government : AU


A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.