Researchers investigate Adobe vulnerability that enables a PDF to be tracked

Share this article:
Researchers investigate Adobe vulnerability that enables a PDF to be tracked
Researchers investigate Adobe vulnerability that enables a PDF to be tracked

Security firm McAfee said it has spotted a vulnerability in the latest version of Adobe Reader that would allow someone to track a PDF document.

The flaw, which is being exploited in the wild, affects all versions of Reader, including the most recent, 11.0.2. While the hole does not enable remote code execution – the most serious outcome a vulnerability can have – it can permit a sender "to see when and where the PDF is opened," McAfee researcher Haifei Li wrote in a Friday blog post.

And researchers haven't ruled out whether the flaw is being used as part of an advanced persistent threat (APT)-style attack.

"Is this a serious problem?" Li wrote. "No, we don't want to overvalue the issue. However, we do consider this issue a security vulnerability. Considering this, we have reported the issue to Adobe and we are waiting for their confirmation and a future patch."

Li said McAfee is aware of the issue being actively leveraged. It has spotted a number of PDF samples sent by an email tracking service provider. Researchers, however, are unsure if this was done with malicious intentions.

But the vulnerability, which is able to bypass built-in Reader sandbox protection, could be used in such a way, namely for an APT, Li said.

"An APT attack usually consists of several sophisticated steps," Li wrote. "The first step is often collecting information from the victim; this issue opens the door. Malicious senders could exploit this vulnerability to collect sensitive information such as IP address, internet service provider, or even the victim's computing routine. In addition, our analysis suggests that more information could be collected by calling various PDF JavaScript APIs. For example, the document's location on the system could be obtained by calling the JavaScript 'this.path' value."

An Adobe spokeswoman told SCMagazine.com on Monday that the company is aware of the issue and is investigating.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

WikiLeaks makes FinFisher surveillance software available to public

Copies of controversial surveillance software, called "FinFisher," were made available for public scrutiny by WikiLeaks.

Researcher challenges reports that BlackPOS variant struck Home Depot

Nuix believes the malware found on Home Depot's systems belongs to a different threat family.

Documents reveal NSA plans to map every internet connected device in the ...

Documents provided by Edward Snowden reveal that the NSA is looking to build a near real-time map of every single internet-connected device in the world.