One more security flaw discovered in Adobe's products

Mar 6, 2007 15:01 GMT

The PDF format is currently owned by Adobe, the company that also provides the most popular products for working with PDF files: Adobe Reader and Adobe Acrobat Professional. Their popularity doesn't necessarily mean the two products are secure enough to guarantee that no vulnerability can be exploited while they are running. This is supported by a new security advisory released by the security company Secunia, which discovered two new vulnerabilities in Adobe Reader and Acrobat.

"pdp has discovered a security issue in Adobe Reader and Adobe Acrobat, which can be exploited by malicious people to disclose sensitive information. The problem is that it is possible to launch "file://" URLs from within PDF files. This can be exploited to e.g. read arbitrary files on the system and send them to the attacker. Successful exploitation requires that a user is tricked into locally opening a PDF file," Secunia stated in the advisory.

"My investigation shows that it is possible to launch file:// urls, which is something very dangerous to do. file:// protocol urls, launched in the browser, grant malicious JavaScript objects permissions to list the filesystem and steal confidential information," the original advisory released by GNUCITIZEN states.

The security company also mentioned that the only affected version of Acrobat and Adobe Reader is 8.0.0, and that the only way to avoid exploitation is to refuse to open untrusted PDF files.
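One way to triage a PDF before deciding whether to open it, shown here as an added example that is not code from Secunia, GNUCITIZEN or Adobe: it scans the raw file and any Flate-compressed streams for URI actions whose target uses the `file:` scheme. The function names and the sample document are constructed for illustration; encrypted documents and filters other than Flate are not inspected.

```python
import re
import zlib

_NAME = re.compile(rb"/[^\s/()<>\[\]{}%]+")          # PDF name token
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")              # #xx escape inside a name
_STREAM = re.compile(rb"stream\r?\n(.*?)endstream", re.S)
_URI = re.compile(rb"/URI\s*(?:\(((?:\\.|[^\\)])*)\)|<([0-9A-Fa-f\s]*)>)", re.S)
_ESC = re.compile(rb"\\([0-7]{1,3}|.)", re.S)         # escapes in literal strings

def _unescape(lit):
    def rep(m):
        g = m.group(1)
        if g[:1] in b"01234567":                      # octal escape such as \146
            return bytes([int(g, 8) & 0xFF])
        return {b"n": b"\n", b"r": b"\r", b"t": b"\t", b"\n": b""}.get(g, g)
    return _ESC.sub(rep, lit)

def _bodies(data):
    """Yield the raw file, then every stream that inflates with zlib."""
    yield data
    for m in _STREAM.finditer(data):
        try:
            yield zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue                                  # not Flate, or encrypted

def find_file_uris(data):
    """Return the targets of URI actions that use the file: scheme."""
    hits = []
    for body in _bodies(data):
        # Decode #xx in names so an obfuscated /U#52I is seen as /URI.
        body = _NAME.sub(lambda n: _HEX.sub(
            lambda h: bytes([int(h.group(1), 16)]), n.group(0)), body)
        for m in _URI.finditer(body):
            if m.group(2) is not None:                # hex string <66696c65...>
                digits = b"".join(m.group(2).split())
                uri = bytes.fromhex((digits + b"0" * (len(digits) % 2)).decode("ascii"))
            else:                                     # literal string (...)
                uri = _unescape(m.group(1))
            if uri.strip().lower().startswith(b"file:"):
                hits.append(uri.decode("latin-1"))
    return hits

# Constructed sample: a file: link with an obfuscated key, plus a web link in a stream.
SAMPLE = (
    b"%PDF-1.4\n1 0 obj\n<< /A << /S /URI /U#52I (file:///C:/constructed/example.txt) >> >>\n"
    b"endobj\n2 0 obj\n<< /Filter /FlateDecode >>\nstream\n"
    + zlib.compress(b"<< /S /URI /URI (http://example.com/) >>") + b"\nendstream\nendobj\n"
)
```

An empty result does not prove a file is safe; it only means no `file:` URI action was visible in the parts this check can read.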

It's obvious that we are no longer secure even when using a simple PDF viewer, because applications are continuously affected by numerous vulnerabilities. Take the example of antivirus programs, which are the main subject of recently released security advisories. Kaspersky, McAfee and Symantec are the most affected companies, their products being continuously under attack.