Researchers investigate Adobe vulnerability that enables a PDF to be tracked

Share this article:
Researchers investigate Adobe vulnerability that enables a PDF to be tracked
Researchers investigate Adobe vulnerability that enables a PDF to be tracked

Security firm McAfee said it has spotted a vulnerability in the latest version of Adobe Reader that would allow someone to track a PDF document.

The flaw, which is being exploited in the wild, affects all versions of Reader, including the most recent, 11.0.2. While the hole does not enable remote code execution – the most serious outcome a vulnerability can have – it can permit a sender "to see when and where the PDF is opened," McAfee researcher Haifei Li wrote in a Friday blog post.

And researchers haven't ruled out whether the flaw is being used as part of an advanced persistent threat (APT)-style attack.

"Is this a serious problem?" Li wrote. "No, we don't want to overvalue the issue. However, we do consider this issue a security vulnerability. Considering this, we have reported the issue to Adobe and we are waiting for their confirmation and a future patch."

Li said McAfee is aware of the issue being actively leveraged. It has spotted a number of PDF samples sent by an email tracking service provider. Researchers, however, are unsure if this was done with malicious intentions.

But the vulnerability, which is able to bypass built-in Reader sandbox protection, could be used in such a way, namely for an APT, Li said.

"An APT attack usually consists of several sophisticated steps," Li wrote. "The first step is often collecting information from the victim; this issue opens the door. Malicious senders could exploit this vulnerability to collect sensitive information such as IP address, internet service provider, or even the victim's computing routine. In addition, our analysis suggests that more information could be collected by calling various PDF JavaScript APIs. For example, the document's location on the system could be obtained by calling the JavaScript 'this.path' value."

An Adobe spokeswoman told SCMagazine.com on Monday that the company is aware of the issue and is investigating.

Share this article:

Sign up to our newsletters

More in News

Russian hacker Seleznev ordered to remain in custody

Roman Seleznev's attorneys requested that the hacker be released on bond, but their pleas were rejected this past week.

Bug in iOS Instagram app fixed, impacts Facebook accounts

The vulnerability comes into play when Instagram users search for Facebook friends to "follow."

AP denied security docs on HealthCare.gov, a risk to private information

AP denied security docs on HealthCare.gov, a risk ...

The Associated Press was denied a request made under the Freedom of Information Act for documents that contain security information on HealthCare.gov.