PDF exploits explode, continue climb in 2010

Sandboxing Adobe Reader may be the answer, says researcher

By , Computerworld |  Security, PDF

Microsoft also recently reported that PDF exploits remains a potent part of hackers' arsenals. In its newest Security Intelligence Report , Microsoft said that nearly half of all browser-based exploits in the second half of 2009 targeted Adobe's Reader. Three Reader vulnerabilities -- which were patched in May 2008, November 2008 and March 2009 -- accounted for more than 46% of all browser attacks.

McAfee rival Symantec has also tracked an explosion in PDF-based attacks. According to Symantec's latest Internet Security Threat Report , published last week, malicious PDFs were responsible for 49% of all Web-based attacks in all of 2009, compared to just 11% in 2008.

Like McAfee, Symantec also recorded a surge in reported Adobe Reader vulnerabilities. Of all browser plug-in bugs logged last year, 15% were in Reader's add-on for Internet Explorer, Firefox, Chrome and other Windows browsers. That was almost a four-fold increase from the 4% in 2008. And two of 2009's top five exploited vulnerabilities were in Adobe Reader.

Adobe declined to comment specifically about McAfee's and Microsoft's statistics on Reader vulnerabilities. Instead, a spokeswoman forwarded a statement the company has used before. "Given the relative ubiquity and cross-platform reach of many of our products, in particular our clients, Adobe has attracted -- and will likely continue to attract -- increasing attention from attackers," she said in an e-mail. "The majority of attacks we are seeing are exploiting software installations that are not up-to-date on the latest security updates."

The company's latest security move attempts to address the update issue; on April 13, Adobe switched on a service that silently updates customers' copies of Reader and Acrobat.

Adobe may be working on other ways to beef up Reader and Acrobat. According to one security researcher, Adobe will add sandboxing defenses to its PDF software this year. Sandboxing, perhaps best known as a technique used by Google 's Chrome browser, isolates processes from each other and the rest of the machine, preventing or hindering malicious code from escaping an application to wreak havoc or infect the computer with malware.

Adobe has acknowledged it will add sandboxing to Flash -- another of its products that is frequently targeted by exploits -- and has it at the top of its to-do list, according to Paul Betlem, senior director of Flash Player engineering.

Originally published on Computerworld |  Click here to read the original story.
Join us:






Answers - Powered by ITworld

Ask a Question