We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Quicktime hacker finds Adobe PDF exploit

Petko Petkov bears bad news about PDF

The hacker who discovered a recently patched QuickTime flaw affecting the Firefox browser has turned his attention to what he claims is an equally serious flaw in Adobe's PDF (portable document format).

"Adobe Acrobat/Reader PDF documents can be used to compromise your Windows box. Completely!!! Invisibly and unwillingly!!!," wrote Petko Petkov, in a blog posting. "All it takes is to open a PDF document or stumble across a page which embeds one."

Petkov said he had confirmed the issueusing Adobe Reader 8.1 on Windows XP and that other versions may be affected.

The security researcher said he would not release code that shows how this attack works until Adobe provided a patch for the problem, but he has already sent it to other software developers scrambling for bug fixes over the past week.

On September 12, Petkov reported that attackers could run unauthorised software on a Firefox user's PC by exploiting a flaw in Apple's QuickTime media format. Mozilla offered a partial fix for this problem on Tuesday, but said Apple would ultimately have to address the issue in its QuickTime media player.

Earlier this week Petkov posted code showing how Windows Media Player files could be used to make web surfers susceptible to Internet Explorer bugs, even if they were running another browser such as Firefox or Opera. Microsoft has said it is investigating this issue.

If Petkov's PDF claims are true, it could be bad news for business users, who are used to opening PDF attachments without thinking twice, said Andrew Storms, director of security operations with nCircle Network Security.

Though some attackers have crafted PDF attacks in recent years, Petkov's code could also be more effective than typical exploits, Storms added. "Historically, those other exploits have been targeted for specific versions of Adobe Reader," he said. "According to the information, this affects all versions. It's an inherent architectural problem in the way files are read."


IDG UK Sites

iPad Air 2 release date, price, specs, new features: world's thinnest tablet also gets Touch ID

IDG UK Sites

Why you shouldn't buy the iPad mini 3: No wonder Apple gave it 10 seconds of stage time

IDG UK Sites

Will Photoshop work with Yosemite? And will Illustrator, After Effects, Premiere Pro or the other A?......

IDG UK Sites

Should I upgrade from Mavericks to OS X 10.10 Yosemite? What you need to know before updating to...